“It will allow Americans to confidently identify which internet- and Bluetooth-connected devices are cybersecure,” deputy national security adviser Anne Neuberger told reporters in a pre-announcement briefing
The proliferation of so-called smart — or Internet of Things — devices has coincided with growing cybercrime in which one insecure IoT device can often give a cyberintruder a dangerous foothold on a home network
Washington DC:
Biden administration announces a cybersecurity labelling programme for smart devices
The Biden administration and major consumer technology players on Tuesday launched an effort to put a nationwide cybersecurity certification and labelling programme in place to help consumers choose smart devices that are less vulnerable to hacking.
Officials likened the new US Cyber Trust Mark initiative — to be overseen by the Federal Communications Commission, with industry participation voluntary — to the Energy Star programme, which rates appliances’ energy efficiency.
“It will allow Americans to confidently identify which internet- and Bluetooth-connected devices are cybersecure,” deputy national security adviser Anne Neuberger told reporters in a pre-announcement briefing.
Amazon, Best Buy, Google, LG Electronics USA, Logitech and Samsung as among industry participants.
In March, the White House launched its national cyber strategy that called on software makers and companies to take far greater responsibility to ensure that their systems cannot be hacked. It also accelerated efforts by agencies such as the Federal Bureau of Investigation and the Defense Department to disrupt activities of hackers and ransomware groups around the world.
Devices including baby monitors, home security cameras, fitness trackers, TVs, refrigerators and smart climate control systems that meet the US government’s cybersecurity requirements will bear the “Cyber Trust” label, a shield logo, as early as next year, officials said.
FCC Chairwoman Jessica Rosenworcel said the mark will give consumers “peace of mind” and benefit manufacturers, whose products would need to adhere to criteria set by the National Institute of Standards and Technology to qualify.
The FCC was launching a rule-making process to set the standards and seek public comment. Besides carrying logos, participating devices would have QR codes that could be scanned for updated security information.
Retailers and manufacturers will apply a “U.S. Cyber Trust Mark” logo to their devices and the program will be up and running in 2024. The initiative is designed to make sure “our networks and the use of them is more secure, because it is so important for economic and national security,” said a senior administration official, who did not wish to be named.
The Federal Communications Commission will seek public comment before rolling out the labeling program and register a national trademark with the U.S. Patent and Trademark Office, the White House said.
In a statement, the Consumer Technology Association said consumers could expect to see certification-ready products at the industry’s annual January show, CES 2024, once the FCC adopts final rules. A senior Biden administration official said it was expected that products that qualify for the logo would undergo an annual re-certification.
The Cyber Trust initiative was first announced in October following a meeting between White House and tech industry representatives.
The proliferation of so-called smart — or Internet of Things — devices has coincided with growing cybercrime in which one insecure IoT device can often give a cyberintruder a dangerous foothold on a home network.
An April report from the cybersecurity firm Bitdefender and networking equipment company NetGear, based on their monitoring of smart homes, found that the most vulnerable IoT devices in 2022 were, far and away, smart TVs, followed by smart plugs, routers and digital video recorders.
Providers of numerous smart home devices often don’t update and patch software fast enough to thwart newly emerging malware threats.
The Cyber Mark standards are expected to make clear which devices patch vulnerable software in a timely fashion and secure their communications to preserve privacy, officials said. Also important will be informing consumers which devices are equipped to detect intrusions.