The internet-connected devices that broke the internet in 2016 — what kid needs a Wi-Fi connected teddy bear? — sell like mad to consumers who have little idea if any security lies below the interfaces.
One year after the Mirai botnet attacks brought some of the biggest tech companies to their knees, a new bill introduced on Friday aims to create a voluntary cybersecurity certification program to “independently identify, verify, and label compliant Internet-of-Things devices with strong cybersecurity standards.”
The bill, known as the “Cyber Shield Act,” was introduced in the Senate by Sen. Edward Markey, D-Mass., and in the House of Representatives by Rep. Ted Lieu, D-Calif.
The act would establish an advisory committee to evaluate devices like cameras, cellphones, laptops and baby monitors. Companies meeting the standards could display a label on their products that would better inform customers on security issues.
“It is critical that we prioritize developing products with the security of consumers’ information in mind,” Lieu said in a statement on Friday. “The government and tech companies share an obligation to develop more transparency around the security of our favorite devices.”
These devices, more commonly categorized as the Internet of Things, are rapidly proliferating across the world and are notoriously insecure. The companies selling Wi-Fi-enabled juicers and internet-connected children’s toys often fail to provide adequate cybersecurity, even though they’re subject to the same threats as any other internet-connected device.
With some of these connected products, cybersecurity work can be relegated to an afterthought or ignored altogether — even when the product has no need to be connected to the internet.
The Cyber Shield program’s committee would be made up of industry representatives, cybersecurity experts, public interest advocates and federal experts in certification and cybersecurity. The committee would have a website with a database of certified products. They’ll be mandated to review benchmarks at least every two years.
Markey said the bill would “help ensure consumers can reliably identify more secure products and rewards manufacturers that adopt the best cybersecurity practices.”
A similar bill that would impose security standards on Internet of Things devices purchased by the federal government was introduced earlier this year by Rep. Robin Kelly, D-Ill.
You can read the full bill below: