Reed Smith Client Alerts

The Cyber Shield Act of 2017 is one of the more recent manifestations of the federal government’s increasingly urgent scrutiny over the security of Internet of Things (IoT) devices. This latest proposal, introduced in both houses of Congress on October 26–27, 2017, creates a voluntary compliance framework, whereby participating businesses can submit their devices to a standardized security review for scoring and labeling. The bill adopts a similar theory behind the LEED certification system for a building’s environmental performance. It aims to incentivize businesses to participate in the rating system as a means to market their devices’ security features. The thought is that consumers armed with this information will demonstrate a preference for higher-rated devices, which will incentivize other manufacturers to also secure a high score. Though not without critics, most notably for its voluntary nature, cybersecurity analysts are watching the bill’s progress closely to see what impact it will have on the larger landscape of IoT device regulation.

Authors: Mildred Segura Maryanne C. Woo Christopher M. Butler Brian P. Cadigan

Internet of Things (IoT) proliferation has not slowed down. In 2018, the number of IoT devices is expected to surpass the number of mobile phones.The U.S. government has been playing catch-up with its own increasing rollouts of proposed IoT regulations – all of which attempt to address some aspect of the increased security and safety risks inherent in the rise of IoT adoption. 

The most recent government iteration is the Cyber Shield Act of 2017.2 The Cyber Shield Act is the first congressional bill to focus on the voluntary labeling of IoT devices with a security score. Through these labels, the proposed legislation aims to develop an informed market that it hopes will set an appropriate valuation for device security. One of the co-sponsors of the bill, Senator Edward Markey (D-Mass.), warned that without appropriate safeguards, “IoT will also stand for the Internet of Threats.”3

This Client Alert summarizes proposed legislation, analyzes its potential impact, and addresses the key criticisms lodged against the bill.