Sen. Ed Markey (D-MA) and Rep. Ted Lieu (D-CA-33) reintroduced the Cyber Shield Act on March 24, 2021. The proposed legislation is not new to Congress; Sen. Markey and Rep. Lieu previously introduced the Cyber Shield Act in both 2017 and 2019. However, the bill never made it to a vote in either the House or the Senate.

As written, the Cyber Shield Act calls for the creation of a voluntary cybersecurity certification program for Internet of Things (IoT) devices.  IoT devices span a wide range of products, including cell phones, laptops, cameras, smart home assistants, smart locks, baby monitors, and smart kitchen appliances, and the Act’s provisions would apply to any internet-connected consumer product that transmits data or controls the actions of a physical object or system.  The proposed legislation would establish a cybersecurity advisory committee comprised of subject matter experts from various areas, including academia, government, industry, consumer groups, and the public. The advisory committee would be tasked with creating certain cybersecurity benchmarks. If IoT products meet these benchmarks, manufacturers could certify them with a “Cyber Shield” label, allowing consumers to opt for certified products.

The proposed legislation is identical to the 2019 bill, which made only minor substantive changes to its 2017 counterpart. These revisions include the introduction of a provision allowing the Secretary of Commerce to remove the Cyber Shield certification if a product or manufacturer falls out of compliance with the advisory committee’s benchmarks. Additionally, the 2019 and 2021 versions require the Inspector General of the Department of Commerce to periodically evaluate the level of business participation in the Cyber Shield program and public awareness of the Cyber Shield label.

The reintroduction of the Cyber Shield Act serves as an indication of lawmakers’ continued efforts to make progress on IoT device security. For example:

  • On December 4, 2020, President Trump signed into law the IoT Cybersecurity Improvement Act of 2020, requiring IoT devices purchased by the federal government to meet minimum security standards.
  • In February 2021, the co-chairs of the Internet of Things Caucus, Reps. Susan DelBene (D-WA-01) and John Katko (R-NY-24), reintroduced a bill that would allow the FCC to collect data on the growth of IoT devices that depend on 5G networks.
  • Similarly, in May 2020, Reps. John Joyce (R-PA-13) and Richard Hudson (R-NC-8) introduced the Advancing IoT Manufacturing Act, which would require the Department of Commerce to study and subsequently make recommendations to Congress regarding how to incorporate IoT devices into the manufacturing industry.

In a press release announcing the reintroduction of the Cyber Shield Act, Sen. Markey stated that “[w]ith as many as 75 billion IoT devices projected to be in our pockets and homes by 2025, cybersecurity continues to pose a direct threat to economic prosperity, privacy, and global security.” Rep. Lieu added that the legislation would encourage cybersecurity to be “top of mind for industry and consumers alike.”

The full text of the proposed Cyber Shield Act may be found here.

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Micaela McMurrough Micaela McMurrough

Micaela McMurrough has represented clients in high-stakes antitrust, patent, trade secrets, contract, and securities litigation, and other complex commercial litigation matters, and serves as co-chair of Covington’s global and multi-disciplinary Internet of Things (IoT) group. She also represents and advises domestic and international…

Micaela McMurrough has represented clients in high-stakes antitrust, patent, trade secrets, contract, and securities litigation, and other complex commercial litigation matters, and serves as co-chair of Covington’s global and multi-disciplinary Internet of Things (IoT) group. She also represents and advises domestic and international clients on cybersecurity and data privacy issues, including cybersecurity investigations and cyber incident response. Micaela has advised clients on data breaches and other network intrusions, conducted cybersecurity investigations, and advised clients regarding evolving cybersecurity regulations and cybersecurity norms in the context of international law.

In 2016, Micaela was selected as one of thirteen Madison Policy Forum Military-Business Cybersecurity Fellows. She regularly engages with government, military, and business leaders in the cybersecurity industry in an effort to develop national strategies for complex cyber issues and policy challenges. Micaela previously served as a United States Presidential Leadership Scholar, principally responsible for launching a program to familiarize federal judges with various aspects of the U.S. national security structure and national intelligence community.

Prior to her legal career, Micaela served in the Military Intelligence Branch of the United States Army. She served as Intelligence Officer of a 1,200-member maneuver unit conducting combat operations in Afghanistan and was awarded the Bronze Star.

Photo of Jayne Ponder Jayne Ponder

Jayne Ponder is an associate in the firm’s Washington, DC office and a member of the Data Privacy and Cybersecurity Practice Group. Jayne’s practice focuses on a broad range of privacy, data security, and technology issues. She provides ongoing privacy and data protection…

Jayne Ponder is an associate in the firm’s Washington, DC office and a member of the Data Privacy and Cybersecurity Practice Group. Jayne’s practice focuses on a broad range of privacy, data security, and technology issues. She provides ongoing privacy and data protection counsel to companies, including on topics related to privacy policies and data practices, the California Consumer Privacy Act, and cyber and data security incident response and preparedness.