The Biden administration has launched its long-awaited Internet of Things (IoT) cybersecurity labeling program that aims to protect Americans from various security risks associated with internet-connected devices.
The program, officially named “US Cyber Trust Mark,” aims to help Americans ensure that the internet-connected devices they purchase include strong protections against cyberattacks.
The Internet of Things, a term that covers everything from fitness trackers and routers to baby monitors and smart fridges, has long been considered the weak link of cybersecurity. Many devices ship with default passwords that are easy to guess and lack regular security updates, putting consumers at risk of being hacked.
The Biden administration says an Energy Star-influenced voluntary labeling system will “raise the bar” for IoT security by enabling Americans to make informed decisions about the security credentials of the internet-connected devices they purchase. The US Cyber Trust Mark will take the form of a distinct protective logo, which will appear on products that meet specified cybersecurity criteria.
These criteria, established by the National Institute of Standards and Technology (NIST), will require, for example, that devices have unique and strong default passwords, protect stored and transmitted data, offer regular security updates, and ship with incident detection capabilities.
The full list of standards has not yet been finalized. The White House said that NIST would soon begin work to define cybersecurity standards for “higher-risk” consumer-grade routers, devices often targeted by attackers to steal passwords and create botnets that could be used to launch distributed denial-of-service (DDoS) attacks. This work will be completed by the end of 2023, with the aim of having the initiative cover these devices when it launches in 2024.
In a phone call with reporters, the White House confirmed that the Cyber Trust Mark will also include a QR code that will link to a national list of certified devices and provide up-to-date security information, such as software update policies, data encryption standards and vulnerability fixes.
“We knew we didn’t want to put up a label that said this product had been certified and secured and then kept safe forever,” said a senior administration official. “QR codes will provide you with up-to-date information on ongoing compliance with cyber security standards.”
US retailers will also be encouraged to prioritize labeled products when placing them in stores and online, the White House said, and several have signed up for the initiative, including Amazon and Best Buy. Other major technology companies that have agreed to voluntary labeling initiatives include Cisco, Google, LG, Qualcomm and Samsung.
While the initiative will initially focus on high-risk consumer devices, the US Department of Energy announced on Tuesday that it is working with industry partners to develop cybersecurity labeling requirements for smart meters and power inverters.