October 27, 2017

Senator Markey and Rep. Lieu Introduce Legislation to Improve the Cybersecurity of Internet of Things Devices

Washington (October 27, 2017) – Senator Edward J. Markey (D-Mass.) and Congressman Ted W. Lieu (CA-33) today introduced bicameral legislation that would create a voluntary cybersecurity certification program for Internet of Things (IoT) devices. The Cyber Shield Act will establish an advisory committee of cybersecurity experts from academia, industry, consumer advocates, and the public to create cybersecurity benchmarks for IoT devices, such as baby monitors, cameras, cellphones, laptops, and tablets. IoT manufacturers can voluntarily certify that their product meets those cybersecurity and data security benchmarks, and display this certification to the public.

“The IoT will also stand for the Internet of Threats unless we put in place appropriate cybersecurity safeguards,” said Senator Markey. “With as many as 50 billion IoT devices projected to be in our pockets and homes by 2020, cybersecurity will continue to pose a direct threat to economic prosperity, privacy, and our nation’s security. By creating a cybersecurity certification program, the Cyber Shield Act will help ensure consumers can reliably identify more secure products and rewards manufacturers that adopt the best cybersecurity practices. I thank Congressman Liu for his partnership on this timely legislation.”

“Innovation in the Internet-of-Things space has provided us with revolutionary technology that improves lives and enhances business practices,” said Congressman Lieu. “As one of only four Computer Science majors in Congress, I recognize that we must continue to push for advancements in the tech industry. At the same time, it is critical that we prioritize developing products with the security of consumers’ information in mind. The government and tech companies share an obligation to develop more transparency around the security of our favorite devices. I am proud to introduce this bill alongside Sen. Markey because it will help encourage industries to seek inventive solutions to cyber intrusions while empowering consumers to make smart purchases. This is a necessary step in my ongoing effort to protect privacy and safeguard data for consumers and businesses.”

A copy of the legislation can be found HERE.

“MassTLC appreciates such well thought out legislation that provides tech companies with the room they need for innovation with the ability for policy makers to continue to protect consumers,” said Tom Hopcroft, President and CEO of the Massachusetts Tech Leadership Council. “By utilizing current industry and security standards already in place, Senator Markey has recognized that most companies already adhere to the strict standards put forth by NIST and other organizations, and thus providing a simple and effective way to keep consumers informed.”

“Our goal should be establishing IoT device best practices that are understood by both consumers and manufacturers,” said Shane Tews, Visiting Fellow, American Enterprise Institute. “Sen. Ed Markey has proposed an Energy Star-like program that would create a voluntary cyber and data security certification program named Cyber Shield. This will help consumers identify responsible manufactures who adhere to agreed-upon cyber and data practices.”

“Internet connectivity is now commonplace in everyday consumer products, but the necessary security features are not,” said Joseph Jerome, Policy Counsel at the Center for Democracy & Technology. “Devices are frequently operated by companies with immature data privacy practices, leaving consumers vulnerable. The Cyber Shield Act aims to improve the state of security in the Internet of Things and advance consumer education through a voluntary process. These are both necessary and hopefully Congress can advance this commonsense legislation.”

###