Smart home devices can make some tasks around the house more convenient, but if there is a data breach, they can prove to be more trouble than they are worth — especially when protections aren’t in place to keep your data safe and secure. As internet-connected devices are getting more and more popular, lawmakers are starting to look at new ways to help protect consumers and ensure their data isn’t being put at risk by the companies that hold it.
At the federal level, there have been a number of attempts to add regulations that would protect owners of internet of things devices. The Cybersecurity Improvement Act of 2019, introduced last month by Senator Mark Warner of Virginia, would create new requirements for internet-connected devices. The details of the bill are a bit sparse, but it would require the National Institute of Standards and Technology to develop new recommendations for device makers to follow. Those rules would aim to shore up some of the cybersecurity shortcomings that currently plague internet-connected devices, like easy-to-guess default passwords that put millions of products and the households that have them at risk.
In Oregon, lawmakers are pursuing a similar path. The state’s House of Representatives recently passed a bill that will require each smart device sold in the state to come with a unique password. The extremely simple requirement is one of the easiest ways to mitigate brute force attacks, in which hackers are able to crack the protection on devices because they use a default password that owners often opt not to change. Hackers can then set up botnets and other attacks that can target many devices at once. Oregon’s law would also require device manufacturers to follow any federal laws that are passed if they implement stricter requirements than the state’s own laws.
This content was originally published here.