California IoT law in force

The state of California in the USA was the first of its country to pass a law (SB-327) on IT security for IoT (Internet of Things)

IoT devices, smarthomes and connected devices should make our lives easier. That sounds very good to everyone and who wouldn’t like to remotely set the temperature in their apartment via the app?

Systems and devices with internet access are a significant IT security risk these days. The state of California in the USA was the first of its country to pass a law (SB-327) on IT security for IoT (Internet of Things) and that has been in force since January 1, 2020.

It applies to all devices that are directly or indirectly connected to the Internet and places a minimum requirement on the IT security of the device.

Law SB-327 requires manufacturers to ensure adequate security and, above all, not to use default passwords.

Our interpretation of this law is as follows:

1. The security level of the device must be adapted to the application or usecase. For example, for a sensor that only provides data, other measures are required compared to a remote maintenance router that gives access to sensitive data. For this purpose, we used the IEC 62443-4-2 in use with the Teletrust test scheme when developing and manufacturing our devices.

2. The security device is intended to protect against hackers who want to access and modify the device. For example, the device should not accept third-party modified firmware and demonstrate a secure boot process. We at MB connect line sign our firmware and our firmware trust anchors are tamper-proof burned onto the device. In addition, all security keys are stored in a hardware-secure element and cannot be viewed by software.

3. If a device can be accessed via the public Internet, then the device should either a) have an individual password (definitely not a standard password like admin / admin or similar) or b) the user is forced to set a password during commissioning, our systems are delivered with secure individual passwords.

With our devices mbNET and mbNETFIX we are 100% compliant with the law SB-327. You can find out more about the security features of our devices here.

Conclusion:

The planned norms and standards, such as IEC 62443, are of international importance and have an increasing impact on future devices and solutions. Nevertheless, the following still applies: Security is not a product, but a process that you also have to live. California shows here that at least you have to start setting a few standards. Minimum requirements, such as regulating secure passwords by law, are at least not a bad idea.

Find your sales partner

Find your personal contact person in your area.

Find your sales partner

Start your remote services

Are you looking for an all-in-one solution? Try our web-based remote access portal today.

Start now
u

We are here to help you

Questions? We can help you. For direct support, you can also call us.

To our Helpdesk

Stay informed

Subscribe here to get updates on IoT and remote access solutions, products and features and get the latest cybersecurity updates.

Subscribe now

You have questions?

Write us!

Allgemeine Anfrage EN

Callmeback

As a strong brand MB connect line provides you with solutions for Secure Remote Access, IIoT and Industrial Security.

We unlock the value of data by developing and manufacturing innovative solutions to access, connect and visualize your information.

SECURITY IS OUR PROMISE.

Red Lion Europe GmbH

Winnettener Str. 6
91550 Dinkelsbühl
Germany

Contact

Phone: +49 98 51 / 58 25 29 0
Fax: +49 98 51 / 58 25 29 99

Follow us
Subscribe newsletter
Support

helpdesk.mbconnectline.com
Phone: +49 98 51 / 58 25 29 900

Quick Links
Download Portal
Security Whitepaper
Success Story Brochure
Imprint
General Terms and Conditions
Privacy Policys
Login Extranet