The time may have come for a Consumer Reports-style rating system that can identify the security level of connected devices and services. Industry experts and federal agencies such as NSA, NASA, and NIST have repeatedly pushed for standardization on the bare essentials of cybersecurity. A new bill heading to Congress may address the problem.
Senator Edward J. Markey of Massachusetts has proposed the Cyber Shield Act that seeks to give the consumers of Internet-connected products clear and accurate information on security. The bill proposes a ratings system for cybersecurity. Markey is working with the Institute for Critical Infrastructure Technology (ICIT) to test these ideas, identify problems, and seek solutions.
Shining the Light on Cyber Threats
The ICIT has produced an analysis of the proposed act in the document, The Cyber Shield Act: Is the Legislative Community Finally Listening to Cybersecurity Experts? The report discusses how the act has the potential to impact cyber resiliency. The analysis includes specific recommendations and considerations including a discussion on meaningful criteria for security ratings and the importance of requiring security-by-design throughout the development lifecycle of devices.
“We get asked to advocate for legislation all the time. This act proposes the need for products with security-by-design built in,” James Scott, senior fellow at the ICIT, told Design News. “We have to pay attention to people’s civil liberties, and cybersecurity has become a civil liberty.”
Scott also noted the proposed legislation will be presented in co-sponsorship between Markey and an as-yet-undetermined Republican. “The act has to be non-partisan or bi-partisan,” said Scott, who sees no problem with attracting a co-sponsor.
The Washington-based ICIT has a track record for pushing laws that can improve cybersecurity. “We’ve been an institute for around four years. My experience is on the Hill advising on cybersecurity,” said Scott, who comes from a background of working on cyber warfare. “As an institute, we’ve received tons of support from intelligence agencies, support from the Hill, and from corporations. We’re non-partisan. We don’t accept federal money. We have underwriters. We brief Congress and a dozen federal agencies regularly.”
Got Cyber Hygiene?
Scott believes the Cyber Shield Act can empower consumers while facilitating a much-needed cultural shift in secure device manufacturing and upkeep. “We’re trying to do an energy-star type thing for cyber security,” said Scott. “It comes down to hardening technologies with volunteer guidelines that offer industry the ability to make their product more secure with a ratings system.”
If the Cyber Shield Act is passed, the concept of a ratings system will need to engage consumers in the idea of selecting products based on their cyber safety. “The consumer reception or rejection of cybersecurity ratings is key,” said Scott. “To make it successful, you need to partner with organizations that are already raising awareness of cybersecurity. You need a centralized language for communication that could be as simple as ‘Got Cyber Hygiene?’”