Bicameral legislation would help consumers protect their connected-homes and devices from growing cyber threats
Washington (March 24, 2021) – Senator Edward J. Markey (D-Mass.) and Congressman Ted W. Lieu (CA-33) today reintroduced the Cyber Shield Act, legislation that will create a voluntary cybersecurity certification program for Internet of Things (IoT) devices. The Cyber Shield Act will specifically establish an advisory committee of cybersecurity experts from academia, industry, consumer groups, government, and the public to create cybersecurity benchmarks for IoT devices – such as baby monitors, home assistants, smart locks, cameras, cell phones, and laptops. IoT manufacturers can then voluntarily certify that their products meet those cybersecurity benchmarks, and display this certification to the public with a “Cyber Shield” label that will help consumers identify and purchase more secure technology for their homes.
“The IoT will also stand for the Internet of Threats until we put in place appropriate cybersecurity safeguards,” said Senator Markey. “With as many as 75 billion IoT devices projected to be in our pockets and homes by 2025, cybersecurity continues to pose a direct threat to economic prosperity, personal privacy, and global security. By creating a cybersecurity certification program, the Cyber Shield Act will give consumers a seal of approval for more secure products, as well as encourage manufacturers to adopt the best cybersecurity practices so they can compete in the marketplace for safety. I thank Congressman Lieu for his partnership on this essential legislation.”
“Championing innovation is important, because technological advancement can make our lives easier and more efficient. But, for every smart refrigerator or wifi-enabled baby monitor, there comes increased cybersecurity risks that make consumers vulnerable to hacking and invasions of privacy. As we connect more parts of our lives to the internet, we have to make sure we’re doing it safely. That’s where Sen. Markey and my Cyber Shield Act comes in,” said Representative Lieu. “By creating a voluntary program allowing IoT manufacturers to certify the security of their devices, we’re encouraging the idea that cybersecurity should be top of mind for industry and consumers alike. It’s a great solution to an ever-increasing problem, and I’m grateful to have Sen. Markey as a partner on this bill.”
A copy of the legislation can be found HERE.
The Cyber Shield Act is endorsed by Public Citizen, the Massachusetts Tech Leadership Council, Rapid7, Cybereason, Internet Association, the Institute for Critical Infrastructure Technology (ICIT), and the Center for Democracy & Technology.
“It’s our hope that the labeling program created by the Cyber Shield Act will provide manufacturers with strong incentives to produce internet-connected products that meet good security standards and help consumers identify those products online and on the store shelves,” said Susan Grant, Director of Consumer Protection and Privacy at Consumer Federation of America.
“MassTLC appreciates such well thought out legislation that provides tech companies with the room they need for innovation with the ability for policy makers to continue to protect consumers,” said Tom Hopcroft, President and CEO at the Massachusetts Tech Leadership Council. “By utilizing current industry and security standards already in place, Senator Markey and Rep. Lieu have recognized that most companies already adhere to the strict standards put forth by NIST and other organizations, and thus providing a simple and effective way to keep consumers informed.”
“Consumer awareness plays an important role in IoT security, but consumers often have little insight into the presence of security features in an IoT device prior to purchase,” said Harley Geiger, Director of Public Policy at Rapid7. “Rapid7 supports Senator Markey and Rep. Lieu’s Cyber Shield Act and believes the bill's voluntary, standards-based transparency program would strengthen cybersecurity and protect consumers. Providing consumers with clear information about critical security features in IoT devices will foster market competition based on security, promote innovation in security, and build trust in the security of IoT products.”

“The Cyber Shield Act takes a voluntary approach to improving the cybersecurity of Internet-of-Things devices,” said Greg Nojeim, Director of the Security & Surveillance Project of the Center for Democracy & Technology. “It establishes a process through which consumers will learn which IoT devices meet key security standards and which may not.”
“Securing the wave of IoT devices that we expect in consumer and enterprise products is critical to protect consumers, to safeguard the public, and to avoid what amounts to digital pollution in the coming years,” said Samuel Curry, Chief Security Officer at Cybereason. “Cybereason supports Senator Markey and Rep. Lieu’s Cyber Shield Act and believes that it will raise the standard in public and transparent ways that protect consumers and the overall health of the connected world. We need to ensure that the next generation of tools is more secure and trustworthy in ways that are simple to adopt in the market as soon as possible and not fall into the same weaknesses that have plagued earlier waves of technology.”