Monday, April 26, 2021

S 965 Introduced - Cyber Shield Act of 2021

Last month Sen Markey (D,MA) introduced S 965, the Cyber Shield Act of 2021. The bill would establish require the Department of Commerce to establish the Cyber Shield Program; a program for the voluntary certification and labeling of products that meet industry-leading cybersecurity and data security benchmarks to enhance cybersecurity and protect data. The bill is essentially identical to S 2664 that Markey introduced last session. No action was taken on that bill or its companion bill HR 4792.

The products referenced in the bill only apply to ‘consumer facing objects’ that {§2(3)}:

• Connect to the internet or other network; and

• Collect, send, or receive data; or

• Control the actions of a physical object or system

Moving Forward

Markey is a member of the Senate Commerce, Science and Transportation Committee to which this bill was assigned for consideration. This means that he should have enough influence to see the bill considered in Committee, but he also had that influence last session. I have to wonder if he is really interested in seeing this bill move forward.

There is likely to be some Republican opposition to this bill. Since the Cyber Shield Program would be voluntary, I suspect that there could be some bipartisan support, so this bill could be reported out favorably by the Committee.

This bill is not important enough to make it to the floor of the Senate under normal order with its time consuming debate and amendment process. The expected Republican opposition should be sufficient to ensure that it could not be considered under the unanimous consent process. There remains a possibility that Markey could offer the language as an amendment to a spending or authorization bill.

Commentary

The word ‘or’ between §2(3)(B)(i) and (ii) in the definition of ‘covered product’ could mean that the definition could be stretched to include industrial control systems as they ‘control the actions of a physical object or system’, but I think that was included to address automated transportation systems. Since DHS and specifically CISA were left out of the representation list for the Advisory Committee, there is no one to advocate for that stretching of the definition.

Of course, this bill is really intended to only apply to consumer products not industrial products, thus the ‘consumer-facing physical object’ phrase in the definition of a ‘covered product’. Perhaps we need a separate ‘Industrial Shield Program’.

No comments:

 
/* Use this with templates/template-twocol.html */