IoT Legislation Device Manufacturers Need to Know about

As an IoT device manufacturer, you need to meet government agency requirements and avoid penalties by adhering to the regulations and standards brought about by IoT legislation. According to the 2020 IoT Cybersecurity Improvement Act, government agencies should ensure IoT device security.

To be more specific, the IoT industry follows federal security laws and regulations along with many other government levels. This is in light of the maturation of said industry. 

The “Internet of Things” Legislation You Need to Know About

IoT refers to “Internet of Things”. It’s the network of physical objects or devices that have sensors, software, and similar tech embedded unto them, like in the case of a smart home full of doorbells, microwaves, thermostat, TVs, computers, and phones with smart sensor tech unto them.

Government agencies in places like Oregon and California must be extra vigilant in light of these states already passing the IoT cybersecurity act. The regulations should have a huge influence on how devices are made across the U.S.

It provides a lot of promise and advantages plus IoT is projected to transform various industries in amazing quickness, including energy, smart homes, commercial building construction, healthcare, retail, and manufacturing.

The Huge Potential of IoT

The involved parties should keep abreast of the ever-changing rules made in light of IoT’s rapid progress. According to surveys, worldwide IoT spending has an 11.3 percent combined annual growth rate or CAGR over the forecast period of 2020 to 2024.

  • Dangers and Risks of IoT: Like in the case of technology forcing sweeping changes to outdated rules and regulation, the huge potential of IoT growth has been realized, thus regulatory boards and government agencies must ask now in order to curb potential risks and dangers.
  • Taking into Account Attacker Creativity: Some attackers might use search engines in order to locate on the Internet various IoT devices. Many criminals widely use a function typically reserved for use by infosec professionals only.
  • Standards for Connective Devices: The standards for connective devices must be regulated and kept high to prevent the obvious danger of hacking by the growing digital underworld of cybercriminals and online outlaws.  
  • Proper Security in Mind: The  issued regulations cover a variety of IoT forms with specific nomenclature in order to prevent red tape and administrative loopholes that companies may exploit or criminals might take advantage of to allow for breaches that can’t be prosecuted.
  • Security Mandates  with Government Backing: The updates to IoT legislation have come forth with the backing of government and industry group  purchasing power. They could also be presented voluntarily as a general guidance for best practices of end users and vendors.

An Update on Asian and Australian Standards

The updates done on the latest global standards of IoT have come about with certain vulnerabilities in mind, like IT-savvy attackers finding unprotected, no-password IoT devices unto the Internet in order to exploit their weaknesses, spy on families, commit identity theft, or get their unencrypted data.

  • Asia and the Pacific: In Asia and the South Pacific, more than a couple of nations have developed best practices and security recommendations for the IoT vendors in their neck of the woods. This also includes standards covering organization end users that use IoT.
  • Australia: The cybersecurity code of practice in Australia that covers IoT standards is voluntary. It features about 10-20 principles for all devices of the IoT type that have Internet connectivity and can send or receive data.
  • Examples of Safety Standards: The standards for Asia and Australia involve an emphasis on strong passwords, multi-factor authentication (a cell phone and a laptop confirmation code is required for extra security), and secure credentials storage.
  • What’s a Strong Password? You won’t be allowed to connect to the Internet until you meet the limits of the password having a mix of letters and numbers, one special character, and one capital letter. You’re also kept from using “123456” or “password” as the password.
  • Vulnerability Disclosure: It’s recommended that companies set up a policy for vulnerability disclosure as well. This designates the point of contact for any arising issues. This keeps everything on the up and up.

Singapore’s Aggressive or Strict Standards

Singapore has some strict or even aggressive IoT principles and regulations. Their IoT Cybersecurity Guide offers vendors and enterprise-level end users better guidance when it comes to IoT technology deployment. This includes fundamental security design standards.

The country also published an IoT standards suite that includes detailed technical IoT and sensor references that address the lack of any coherent standards or sensor networks. Their laws concentrate on interoperability of the interface.

Singaporean companies establish a security label initiative for smart home devices. This better inform consumers in the end.

New Regulations in Europe, Brazil, and the United Kingdom

Several European Union and United Kingdom governments specifically focus on IoT device standards. For instance, UK’s Department for Digital, Culture, Media, and Sport (DCMS) regulations make sure all IoT appliances are protected and secure software-wise.

  • Unique Passwords: According to standards, the passwords are ensured to be unique and couldn’t be reset to default factory settings. The standards also tell vendors to provide contact details in public for the sake of vulnerability reporting.
  • Euro Commission in Charge: The European Commission is in charge of not only dealing with the union’s daily affairs. It’s also considering creating the “Trust Label” for IoT. This should strengthen the protection of end-to-end personal data in IoT networks.
  • Brazil Takes Free Market Approach: Brazil offers incentives, tax reforms, and so forth to encourage vendors to offer better IoT security standards. Law 14.108/2020 reduces to zero operation inspections and machine-to-machine (M2M) communication systems license fees.
  • Brazil Wishes to Grow the Industry: Brazilian safety standards are about encouraging industry growth and facilitating development of the Industry 4.0 systems. The law also focuses on jumpstarting secondary markets like security solutions for privacy.

Keep This in Mind 

Just follow the new updated regulations and read up on it via multiple articles to safely manufacture the IoT devices without breaking the law. Keep updated of any changes to it that  might come by precedents or issues facing IoT security at  present.Although it might pay to consult with criminal defense lawyers Orlando in order to learn about these standards, you should still have a basic understanding of these laws regardless before poring through its fine details.

Leave a Reply
Previous Post

What is Penetration Testing & how does it works

Next Post

Beginner’s Guide To Big Data

Related Posts