Sen. Ed Markey (D-MA) and Rep. Ted Lieu (D-CA-33) reintroduced the Cyber Shield Act on March 24, 2021. The proposed legislation is not new to Congress; Sen. Markey and Rep. Lieu previously introduced the Cyber Shield Act in both 2017 and 2019. However, the bill never made it to a vote in either the House or the Senate.

As written, the Cyber Shield Act calls for the creation of a voluntary cybersecurity certification program for Internet of Things (IoT) devices.  IoT devices span a wide range of products, including cell phones, laptops, cameras, smart home assistants, smart locks, baby monitors, and smart kitchen appliances, and the Act’s provisions would apply to any internet-connected consumer product that transmits data or controls the actions of a physical object or system.  The proposed legislation would establish a cybersecurity advisory committee comprised of subject matter experts from various areas, including academia, government, industry, consumer groups, and the public. The advisory committee would be tasked with creating certain cybersecurity benchmarks. If IoT products meet these benchmarks, manufacturers could certify them with a “Cyber Shield” label, allowing consumers to opt for certified products.

The proposed legislation is identical to the 2019 bill, which made only minor substantive changes to its 2017 counterpart. These revisions include the introduction of a provision allowing the Secretary of Commerce to remove the Cyber Shield certification if a product or manufacturer falls out of compliance with the advisory committee’s benchmarks. Additionally, the 2019 and 2021 versions require the Inspector General of the Department of Commerce to periodically evaluate the level of business participation in the Cyber Shield program and public awareness of the Cyber Shield label.

The reintroduction of the Cyber Shield Act serves as an indication of lawmakers’ continued efforts to make progress on IoT device security. For example:

  • On December 4, 2020, President Trump signed into law the IoT Cybersecurity Improvement Act of 2020, requiring IoT devices purchased by the federal government to meet minimum security standards.
  • In February 2021, the co-chairs of the Internet of Things Caucus, Reps. Susan DelBene (D-WA-01) and John Katko (R-NY-24), reintroduced a bill that would allow the FCC to collect data on the growth of IoT devices that depend on 5G networks.
  • Similarly, in May 2020, Reps. John Joyce (R-PA-13) and Richard Hudson (R-NC-8) introduced the Advancing IoT Manufacturing Act, which would require the Department of Commerce to study and subsequently make recommendations to Congress regarding how to incorporate IoT devices into the manufacturing industry.

In a press release announcing the reintroduction of the Cyber Shield Act, Sen. Markey stated that “[w]ith as many as 75 billion IoT devices projected to be in our pockets and homes by 2025, cybersecurity continues to pose a direct threat to economic prosperity, privacy, and global security.” Rep. Lieu added that the legislation would encourage cybersecurity to be “top of mind for industry and consumers alike.”

The full text of the proposed Cyber Shield Act may be found here.

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Micaela McMurrough Micaela McMurrough

Micaela McMurrough serves as co-chair of Covington’s global and multi-disciplinary Technology Group, as co-chair of the Artificial Intelligence and Internet of Things (IoT) initiative. In her practice, she has represented clients in high-stakes antitrust, patent, trade secrets, contract, and securities litigation, and other…

Micaela McMurrough serves as co-chair of Covington’s global and multi-disciplinary Technology Group, as co-chair of the Artificial Intelligence and Internet of Things (IoT) initiative. In her practice, she has represented clients in high-stakes antitrust, patent, trade secrets, contract, and securities litigation, and other complex commercial litigation matters, and she regularly represents and advises domestic and international clients on cybersecurity and data privacy issues, including cybersecurity investigations and cyber incident response. Micaela has advised clients on data breaches and other network intrusions, conducted cybersecurity investigations, and advised clients regarding evolving cybersecurity regulations and cybersecurity norms in the context of international law.

In 2016, Micaela was selected as one of thirteen Madison Policy Forum Military-Business Cybersecurity Fellows. She regularly engages with government, military, and business leaders in the cybersecurity industry in an effort to develop national strategies for complex cyber issues and policy challenges. Micaela previously served as a United States Presidential Leadership Scholar, principally responsible for launching a program to familiarize federal judges with various aspects of the U.S. national security structure and national intelligence community.

Prior to her legal career, Micaela served in the Military Intelligence Branch of the United States Army. She served as Intelligence Officer of a 1,200-member maneuver unit conducting combat operations in Afghanistan and was awarded the Bronze Star.

Photo of Jayne Ponder Jayne Ponder

Jayne Ponder counsels national and multinational companies across industries on data privacy, cybersecurity, and emerging technologies, including Artificial Intelligence and Internet of Things.

In particular, Jayne advises clients on compliance with federal, state, and global privacy frameworks, and counsels clients on navigating the…

Jayne Ponder counsels national and multinational companies across industries on data privacy, cybersecurity, and emerging technologies, including Artificial Intelligence and Internet of Things.

In particular, Jayne advises clients on compliance with federal, state, and global privacy frameworks, and counsels clients on navigating the rapidly evolving legal landscape. Her practice includes partnering with clients on the design of new products and services, drafting and negotiating privacy terms with vendors and third parties, developing privacy notices and consent forms, and helping clients design governance programs for the development and deployment of Artificial Intelligence and Internet of Things technologies.

Jayne routinely represents clients in privacy and consumer protection enforcement actions brought by the Federal Trade Commission and state attorneys general, including related to data privacy and advertising topics. She also helps clients articulate their perspectives through the rulemaking processes led by state regulators and privacy agencies.

As part of her practice, Jayne advises companies on cybersecurity incident preparedness and response, including by drafting, revising, and testing incident response plans, conducting cybersecurity gap assessments, engaging vendors, and analyzing obligations under breach notification laws following an incident.