Internet of Things

This post is also available in: Español

Currently, security is the greatest challenge for the Internet of Things (IoT). It is an enormous challenge, considering (i) that millions of IoT devices, services and applications are currently in use; and (ii) the large number of IoT users.

To ensure the necessary security conditions are fulfilled, and given the flaws in IoT devices recently found, California stepped forward and became the first US State to have an IoT cybersecurity Act.

The Act defines connected devices as “any device, or other physical object that is capable of connecting to the Internet, directly or indirectly, and that is assigned an Internet Protocol address or Bluetooth address,” and it will enter into force on January 1, 2020. The purpose of the Act is to protect (i) device users’ security by blocking any unauthorized access; and (ii) the information contained in these devices from modification or disclosure.

The definition of “connected devices” is broad, encompassing numerous devices, such as light bulbs, cell phones, security cameras, medical diagnostic equipment and televisions.

Under the Act, all manufacturers of a “connected device” must ensure that connected devices are equipped with “reasonable” security features that ensure users’ privacy and security. The Act also defines “manufacturer” broadly, encompassing both companies producing connected devices and (with certain exceptions) any companies contracting with third parties to manufacture connected devices on their behalf.

Given this need to tackle the security challenges related to smart devices, after preparing a non-binding Code of Practice, the United Kingdom announced that it intends to pass legislation on IoT device security.

Hopefully, many countries will share these concerns soon, and they will pass legislation requiring manufacturers to at least consider security by design when developing these types of devices.

Autora: Ana Sánchez

This post is also available in: Español



47 artículos