International Trade Today is a Warren News publication.
'Internet of Threats'?

Markey, Lieu Push for IoT Cybersecurity Bill, Seek Hearing to Draw Attention

Sen. Ed Markey, D-Mass., critically described IoT as the “internet of threats,” as he and Rep. Ted Lieu, D-Calif., pushed for a national certification process for such devices. Their Cyber Shield Act (see 1710270043) would establish an advisory committee of cybersecurity experts to recommend cybersecurity benchmarks for IoT devices. The bill would establish a voluntary certification program so that manufacturers could publicly verify that devices meet cybersecurity and data security benchmarks. Committee representatives would come from academia, industry, consumer advocates and the public.

Sign up for a free preview to unlock the rest of this article

If your job depends on informed compliance, you need International Trade Today. Delivered every business day and available any time online, only International Trade Today helps you stay current on the increasingly complex international trade regulatory environment.

The sponsors seek a committee hearing to bring attention to the issue, Markey told us after Thursday's American Enterprise Institute event. Better security is increasingly critical, as 50 billion IoT devices are projected to be in U.S. pockets and homes by 2020, he told the event. “Cyberattacks know no partisan divide.” Markey called data breaches and other privacy threats a danger to the economy and democracy. For decades, he said, the U.S. has been lagging in establishing a national cybersecurity strategy. “We need a shield for our families, for our children, for our privacy,” he said. Markey described the legislation as a “Good Housekeeping seal for cyber safety.”

Lieu said the legislation provides some level of trust between manufacturers and consumers, and Congress needs to work on a national standard. He offered one example of IoT threats: a webcam lacking any sort of security, allowing perpetrators to view what people are doing and use it for their own purposes. “We’re just very behind,” he said, saying having an expert group establish the standard is better than Congress providing a legislative fix. A limited statute, he said, might not keep up with the rapid pace of technology. He believes the legislation can gain bipartisan support, he said, but the IoT is low on the list for the White House’s packed agenda, and hopefully that “calms down” soon.

Chris Calabrese, Center for Democracy & Technology vice president-policy, said on a separate panel the legislation is a positive step, though it’s not a comprehensive solution for the myriad issues associated with cybersecurity. There's consensus just about everywhere that the U.S. needs higher cybersecurity standards, he said, but there hasn’t been consensus on what the standard looks like. “I think anything that points people in the right direction and does it in this kind of light-touch manner is going to get us to that path,” he said. Lieu co-sponsored similar legislation, the Spy Car Study Act, that would direct government partners and automakers to study security and privacy threats in vehicles, with Rep. Joe Wilson, R-S.C.

Legislatures are a force for good, Lieu said, but they're not very precise. Technology is the opposite, he said, saying it can be very precise and fast and do “amazing things.” Agencies and other bodies can deal with the issue much faster than legislation, he said.