In late August, California Governor Jerry Brown and state senate passed a cybersecurity law covering the privacy for smart devices. The bill becomes active starting January 1st, 2020 requiring any IoT device to be manufactured and maintained with “reasonable security procedures and practices”. The bill ensures that there must be a unique password for every device or a customizable password set by users if reachable outside of their local area network.
Reporter of the Verge, Adi Robertson, covers this announcement in her article and illuminates the problems some people have with the new law. A critic she refers to — cybersecurity expert Robert Graham — argues that the bill is too vague to cover all of the potential security holes. However, Graham and others praise the password requirement and that it is a good start for IoT cybersecurity.