Cyber Shield Act of 2017 – a Path for Continuous Improvement

On March 22, 2017 at the Senate Committee on Commerce, Science, and Transportation, a hearing was held on The Promise and Perils of Emerging Technologies for Cybersecurity. I was honored to be able to testify.

During the two-hour committee hearing, a variety of comments and questions arose from the Senators. One discussion in particular, from Senator Markey, stuck with me.

The Cyber Shield Act that Senator Markey proposed seeks to give the consumers of Internet-connected products (IoT) clear and accurate information on security. Think of it as a sort of technical Consumer Reports.

This should, in turn, allow consumers to make more informed purchasing decisions, similar to the Environmental Protection Agency and the Department of Energy’s Energy Star Ratings for appliances, or the National Highway Transportation Safety Administration’s five-star safety ratings for automobiles.

With more accurate information, consumers will be able to make smarter purchasing decisions. One of the major goals of the Act would be to drive manufacturers and vendors to compete on the basis of providing better security, not just on marketing and sales, which should lead to building and maintaining better security across their products and services.

The Cyber Shield Act: Promoting Best Practices

The Act is meant to identify and promote Internet-connected products that meet industry-leading security and data security standards. One of the first things that the suppliers of technology will need to do to meet best practices will be to have an established and well-run security-by-design or security development lifecycle to guide the creation of technology and minimize potential vulnerabilities.

Essentially, they will be strongly encouraged to think about building security into their products from day one – right alongside thinking about product design, usability, and marketing.

In addition, manufacturers and vendors will need to apply a measurement criteria for a cybersecurity ...

This is a Security Bloggers Network syndicated blog post authored by Malcolm Harkins. Read the original post at: Cylance Blog