REP LIEU AND SEN MARKEY REINTRODUCE BILL TO IMPROVE CYBERSECURITY OF INTERNET OF THINGS TECHNOLOGY

October 22, 2019
Press Release

WASHINGTON – Today, Congressman Ted W. Lieu (D-Los Angeles County) and Senator Edward J. Markey (D-Mass.) reintroduced bicameral legislation that would create a voluntary cybersecurity certification program for Internet of Things (IoT) devices. “The Cyber Shield Act” will establish an advisory committee of cybersecurity experts from academia, industry, consumer advocates, government and the public to create cybersecurity benchmarks for IoT devices - such as baby monitors, home assistants, smart locks, cameras, cell phones, and laptops. IoT manufacturers can then voluntarily certify that their product meets those cybersecurity benchmarks, and display this certification to the public with a “Cyber Shield” label that will help consumers identify and purchase more secure devices for their homes. Rep. Lieu and Sen. Markey previously introduced the Cyber Shield Act in 2017.

“I’m a recovering Computer Science major so I recognize that advancements in technology have improved lives and our world,” Rep. Ted Lieu said. “That said, we can’t ignore data security while we encourage technological advancement in every sector of our lives. That’s why Sen. Markey and I are reintroducing the Cyber Shield Act so that we can empower consumers to make smart purchases that keep their data safe. It’s a win-win for consumers and for businesses who prioritize the privacy and security of their customers.”

“The IoT will also stand for the Internet of Threats until we put in place appropriate cybersecurity safeguards,” said Senator Markey. “With more than 60 billion IoT devices projected to be in our pockets and homes by 2025, cybersecurity continues to pose a direct threat to economic prosperity, privacy, and our nation’s security. By creating a cybersecurity certification program, the Cyber Shield Act will give consumers a seal of approval for more secure products, as well as encourage manufacturers to adopt the best cybersecurity practices so they can compete in the marketplace for safety. I thank Congressman Lieu for his partnership on this essential legislation.”

Support for the Cyber Shield Act:

“MassTLC appreciates such well thought out legislation that provides tech companies with the room they need for innovation with the ability for policy makers to continue to protect consumers,” said Tom Hopcroft, President and CEO of the Massachusetts Tech Leadership Council. “By utilizing current industry and security standards already in place, Senator Markey and Congressman Lieu have recognized that most companies already adhere to the strict standards put forth by NIST and other organizations, and thus providing a simple and effective way to keep consumers informed.”

“Consumer awareness plays an important role in IoT security, but consumers often have little insight into the presence of security features in an IoT device prior to purchase,” said Harley Geiger, Director of Public Policy at Rapid7. “Rapid7 supports Senator Markey and Congressman Lieu's Cyber Shield Act and believes the bill's voluntary, standards-based transparency program would strengthen cybersecurity and protect consumers. Providing consumers with clear information about critical security features in IoT devices will foster market competition based on security, promote innovation in security, and build trust in the security of IoT products.”

“Securing the wave of IoT devices that we expect in consumer and enterprise products is critical to protect consumers, to safeguard the public, and to avoid what amounts to digital pollution in the coming years,” said Samuel Curry, Chief Security Officer of Cybereason. “Cybereason supports Senator Markey and Representative Lieu's Cyber Shield Act and believes that it will raise the standard in public and transparent ways that protect consumers and the overall health of the connected world. We need to ensure that the next generation of tools is more secure and trustworthy in ways that are simple to adopt in the market as soon as possible and not fall into the same weaknesses that have plagued earlier waves of technology.”

“It’s our hope that the labeling program created by the Cyber Shield Act will provide manufacturers with strong incentives to produce internet-connected products that meet good security standards and help consumers identify those products online and on the store shelves,” said Susan Grant, Director of Consumer Protection and Privacy, Consumer Federation of America.

“A voluntary IoT security label may reduce the number of low hygiene devices, by educating buyers, allowing them to distinguish between alternatives, and informing their evaluation of true cost and risk,” said Beau Woods, Cyber Safety Innovation Fellow at the Atlantic Council.

"The Cyber Shield Act takes a voluntary approach to improving the state of security in the Internet-of-Things devices that incentivizes companies to adopt best practices and educate consumers,” said Maurice Turner, Deputy Director of the Internet Architecture project at The Center or Democracy & Technology. “Consumers should be confident that the internet-connected devices going into their homes are designed with security and privacy in mind."

"ICIT supports The Cyber Shield Act, a bill that will incentivize manufacturers to follow principles of security-by-design during the lifecycle of a product and ultimately improve consumer privacy and safety.” said Parham Eftekhari, Executive Director of ICIT (Institute for Critical Infrastructure Technology). “Empowering consumers with information on the security of IoT devices elevates cybersecurity from a cost to a competitive differentiator in the eyes of IoT suppliers; a game changer in efforts to increase responsible manufacturing practices which in turn improves national security and sector resiliency."

The Cyber Shield Act is endorsed by the Internet Association, Public Citizen, the Massachusetts Tech Leadership Council, Rapid7, Cybereason, the Center for Democracy and Technology, and Institute for Critical Infrastructure Technology (ICIT).

###