Sen. Ed Markey (D-Mass.) and Rep. Ted Lieu (D-Calif.) have teamed up to introduce a bill to boost IoT cybersecurity by creating a voluntary self-certification program under the Department of Commerce.
The Cyber Shield Act would establish a voluntary cybersecurity program for the Internet of Things, with input from an advisory committee comprising “academia, industry, consumer advocates, and the public” on benchmarks for security for consumer devices from baby monitors, cameras and cell phones to laptops and tablets.
The goal is to have manufacturers hold themselves to “industry-leading cybersecurity and data security standards, guidelines, best practices, methodologies, procedures, and processes” for the reward of branding their products as such.
Manufacturers would self-certify that their products met the benchmarks, and then could display a “Cyber Shield” label, like a “Good CyberHouseprotecting” seal of approval.
The committee will advise the Secretary of Commerce, who could elect not to treat a product as certified unless it was tested and accredited by an independent laboratory.
The secretary would have two years from the enactment of the legislation to establish the cybersecurity benchmarks. The program would get a going over by the Commerce inspector general every two years staring not more than four years after enactment.
“The IoT will also stand for the Internet of Threats unless we put in place appropriate cybersecurity safeguards,” said Markey, always ready to turn a phrase to make a point.
John Eggerton is the Washington Bureau Chief of TWICE’s sister brand, Broadcasting & Cable.