Last year, on Friday, Sep. 28th 2018, the state of California, passed a Senate Bill 327 (SB 327) regarding the Internet of Things (IoT). The bill mandated the use of “reasonable” security features in connected devices that can be authenticated outside a local area network, essentially, categorizing anything that can be accessed via the Internet to SB 327. With further advancements in IoT technology, certain security issues, which can’t even be imagined right now, i.e. difficult to predict are increasingly occupying the thoughts of lawmakers.
But before scrutinizing the technology or concerned legal implications, one must understand the notion of the Internet of Things. IoT can be considered as a worldwide network of unique addressable devices which communicate among each other through a specific network protocol, i.e. IoT devices connected on a network collect, transmit and process data among each other. Thus, IoT as a whole is the Internet itself in an utterly different manner objectifying devices as a primary source of information. Domestic equipment, automobiles, smart TVs and many other smart home devices communicate through a network, thus they are all engulfed into one busy network that governs them.
Now, what’s alarming about this network is lack of security, every device on the network is a potential entry point to the network, breaching one risks breaching the entire network, and with increased IoT adoption, this network attack surface has enlarged quite a bit.
Recent Mirai DDoS attack is evidence enough, to think of the extent of damage a vulnerable point in the network can do. Thus, its increasingly becoming necessary to regulate this plethora of devices which companies, in the rush to market, launch without any concern for device security.