Sen. Ed Markey, D-Mass., and Rep. Ted Lieu, D-Calif., reintroduced the Cyber Shield Act, which would create a voluntary system to certify cybersecurity protections for internet of things (IoT) devices.
The Cyber Shield Act would direct the Commerce Department to create an advisory committee with members from government, industry, and academia that would come up with cybersecurity benchmarks for IoT devices including consumer-oriented products such as phones, laptop computers, smart locks, home assistants, and baby monitors.
IoT device makers could then voluntarily certify that their products meet those standards and could put “Cyber Shield” labels on their products, the lawmakers said.
“The IoT will also stand for the Internet of Threats until we put in place appropriate cybersecurity safeguards,” Sen. Markey said in a statement. “With as many as 75 billion IoT devices projected to be in our pockets and homes by 2025, cybersecurity continues to pose a direct threat to economic prosperity, personal privacy, and global security. By creating a cybersecurity certification program, the Cyber Shield Act will give consumers a seal of approval for more secure products, as well as encourage manufacturers to adopt the best cybersecurity practices so they can compete in the marketplace for safety.”
Rep. Lieu acknowledged the importance of encouraging technological innovation, saying, “Championing innovation is important, because technological advancement can make our lives easier and more efficient.”
However, he stressed that every innovation brings about new threats and vulnerabilities, “For every smart refrigerator or WiFi-enabled baby monitor, there comes increased cybersecurity risks that make consumers vulnerable to hacking and invasions of privacy. As we connect more parts of our lives to the internet, we have to make sure we’re doing it safely.”
Rep. Lieu said that the Cyber Shield Act bridges the divide between the importance of innovation and the need to ensure consumers are protected from cybersecurity threats. “By creating a voluntary program allowing IoT manufacturers to certify the security of their devices, we’re encouraging the idea that cybersecurity should be top of mind for industry and consumers alike,” he said. “It’s a great solution to an ever-increasing problem.”
Sen. Markey introduced similar legislation in 2017, but the bill did not make it further than the Senate Commerce, Science, and Transportation Committee. A House version of the bill similarly died in the House Energy and Commerce Committee.
Sen. Markey and Rep. Lieu also introduced the bill in 2019, but it failed to make it out of both the Senate Commerce, Science, and Transportation Committee and the House Energy and Commerce Committee.