Democrats are introducing legislation directing the Department of Commerce to set up a voluntary program to certify internet-connected devices with strong cybersecurity.
The bill, backed by Sen. Ed MarkeyEd MarkeyOvernight Energy & Environment — Presented by Climate Power — Senate Democrats ding Biden energy proposal Six Democrats blast Energy Department's uranium reserve pitch Facebook draws lawmaker scrutiny over Instagram's impact on teens MORE (D-Mass.) in the Senate and Rep. Ted Lieu (D-Calif.) in the House, would set up a voluntary program in which device manufacturers can choose to have their products evaluated and certified for meeting set benchmarks on cyber and data security.
The legislation, dubbed the “Cyber Shield Act of 2017,” represents an effort to secure the growing ecosystem of what is commonly known as the Internet of Things, or IoT.
“The IoT will also stand for the Internet of Threats unless we put in place appropriate cybersecurity safeguards,” Markey said in a statement on Friday. “With as many as 50 billion IoT devices projected to be in our pockets and homes by 2020, cybersecurity will continue to pose a direct threat to economic prosperity, privacy, and our nation’s security.”
In particular, the legislation would direct the secretary of Commerce to convene an advisory committee made up of business leaders, cybersecurity experts, public interest advocates and federal employees with backgrounds in device certification or cybersecurity.
The committee would be required to produce recommendations on cybersecurity benchmarks, which would be finalized by the Commerce Department within two years of the bill’s enactment.
Companies that choose to meet the benchmarks would have their products verified and labeled as approved through the program.
Lieu signaled that the legislation would incentivize industry leaders to “seek inventive solutions to cyber intrusions while empowering consumers to make smart purchases. ”
"As one of only four Computer Science majors in Congress, I recognize that we must continue to push for advancements in the tech industry," Lieu said. "At the same time, it is critical that we prioritize developing products with the security of consumers’ information in mind."