Security Shield: A Label to Support Sustainable Cybersecurity

The paper argues that the current first-to-market approach to connected technologies -- including Internet of Things devices -- has undermined public trust in these technologies and the internet, jeopardizing both our economy and democracy. To combat this, the paper proposes the creation of a “Security Shield” label to inform purchasers that a product has followed recognized best cybersecurity practices and should be more secure than similar products without such a label. As the paper explains, providing consumer-facing labels to indicate which products are assessed to be more secure than others enables companies to compete on security in order to help differentiate their products. Doing so also empowers consumers to have an informed influence on the market, as a label would help consumers who prefer more secure products to find and purchase those items. In the same way that programs like “Energy Star” provide a means for manufacturers to incorporate and improve energy efficient designs, a labeling program for cybersecurity can encourage a secure-to-market approach for new devices and associated software. This will prove particularly important as the Internet of Things dramatically expands the number of internet-enabled devices over the next decade. A security shield label for consumer Internet of Things devices is an important first step to foster sustainable cybersecurity practices and restore consumer trust in the marketplace.