Think tank, senator want devices to be more resilient to cyberattacks

635768029526882024-mobilejpg.jpg

Photo Credit: Getty Images/iStockphoto

An analysis by a senior fellow at cybersecurity think tank the Institute for Critical Infrastructure Technology looks at the value of giving consumers more accurate information on how electronic devices store, process or transmit data and the importance of a dialogue between industry and Congress to empower decision-making criteria. 

James Scott’s “The Cyber Shield Act – Is the Legislative Community Finally Listening to Cybersecurity Experts?” examines the potential impact of a proposal being explored by the office of Sen. Edward Markey, D-Mass, to support concepts for industry, government and consumers to implement and understand the cyber posture around devices. 

Markey has been vocal in his support of government agencies working as a nexus and framework builder for government and private industry information sharing about cyberattacks, threats and protections in order to shut down vulnerabilities.

The Cyber Shield Act — informed by federal agencies such as NSA, NASA and NIST — would support building better security into devices by doing away with such things as permanent default settings, pushing manufacturers to require consumers to change packaged credentials. In addition, a measurement criteria and rating system would be introduced to help quantify the cybersecurity of devices. 

Markey insists that such provisions would be voluntary, though he feels their early adoption would provide positive market differentiation for smaller companies.

The analysis goes into further depth on how to devise a cybersecurity scoring system and harden cybersecurity design throughout the development lifecycle of devices.

The entire report can be viewed on ICITech.org