Legislation would help consumers protect their connected-homes and devices from cyber threats


Washington (October 22, 2019) – Senator Edward J. Markey (D-Mass.) and Congressman Ted W. Lieu (CA-33) today reintroduced bicameral legislation that would create a voluntary cybersecurity certification program for Internet of Things (IoT) devices. The Cyber Shield Act will establish an advisory committee of cybersecurity experts from academia, industry, consumer advocates, government, and the public to create cybersecurity benchmarks for IoT devices - such as baby monitors, home assistants, smart locks, cameras, cell phones, and laptops. IoT manufacturers can then voluntarily certify that their product meets those cybersecurity benchmarks, and display this certification to the public with a “Cyber Shield” label that will help consumers identify and purchase more secure devices for their homes.
“The IoT will also stand for the Internet of Threats until we put in place appropriate cybersecurity safeguards,” said Senator Markey. “With more than 60 billion IoT devices projected to be in our pockets and homes by 2025, cybersecurity continues to pose a direct threat to economic prosperity, privacy, and our nation’s security. By creating a cybersecurity certification program, the Cyber Shield Act will give consumers a seal of approval for more secure products, as well as encourage manufacturers to adopt the best cybersecurity practices so they can compete in the marketplace for safety. I thank Congressman Lieu for his partnership on this essential legislation.”

“I’m a recovering Computer Science major so I recognize that advancements in technology have improved lives and our world,” said Rep. Lieu. “That said, we can’t ignore data security while we encourage technological advancement in every sector of our lives. That’s why Sen. Markey and I are reintroducing the Cyber Shield Act so that we can empower consumers to make smart purchases that keep their data safe. It’s a win-win for consumers and for businesses who prioritize the privacy and security of their customers.”


A copy of the legislation can be found HERE.


The Cyber Shield Act is endorsed by the Internet Association, Public Citizen, the Massachusetts Tech Leadership Council, Rapid7, Cybereason, and Institute for Critical Infrastructure Technology (ICIT).


“It’s our hope that the labeling program created by the Cyber Shield Act will provide manufacturers with strong incentives to produce internet-connected products that meet good security standards and help consumers identify those products online and on the store shelves,” said Susan Grant, Director of Consumer Protection and Privacy, Consumer Federation of America.


“MassTLC appreciates such well thought out legislation that provides tech companies with the room they need for innovation with the ability for policy makers to continue to protect consumers,” said Tom Hopcroft, President and CEO, Massachusetts Tech Leadership Council. “By utilizing current industry and security standards already in place, Senator Markey and Rep. Lieu have recognized that most companies already adhere to the strict standards put forth by NIST and other organizations, and thus providing a simple and effective way to keep consumers informed.”


“Consumer awareness plays an important role in IoT security, but consumers often have little insight into the presence of security features in an IoT device prior to purchase,” said Harley Geiger, Director of Public Policy, Rapid7. “Rapid7 supports Senator Markey and Rep. Lieu’s Cyber Shield Act and believes the bill's voluntary, standards-based transparency program would strengthen cybersecurity and protect consumers. Providing consumers with clear information about critical security features in IoT devices will foster market competition based on security, promote innovation in security, and build trust in the security of IoT products.”


“Securing the wave of IoT devices that we expect in consumer and enterprise products is critical to protect consumers, to safeguard the public, and to avoid what amounts to digital pollution in the coming years,” said Samuel Curry, Chief Security Officer, Cybereason. “Cybereason supports Senator Markey and Rep. Lieu’s Cyber Shield Act and believes that it will raise the standard in public and transparent ways that protect consumers and the overall health of the connected world. We need to ensure that the next generation of tools is more secure and trustworthy in ways that are simple to adopt in the market as soon as possible and not fall into the same weaknesses that have plagued earlier waves of technology.”

"The Cyber Shield Act takes a voluntary approach to improving the state of security in the Internet-of-Things devices that incentivizes companies to adopt best practices and educate consumers,” said Maurice Turner, Deputy Director of the Internet Architecture project at The Center or Democracy & Technology. “Consumers should be confident that the internet-connected devices going into their homes are designed with security and privacy in mind."