The Biden administration launched its long-awaited Internet of Things (IoT) cybersecurity labeling program to protect Americans from internet-connected device security risks.
The “U.S. Cyber Trust Mark” helps Americans buy internet-connected devices with strong cyberattack protections.
Fitness trackers, routers, baby monitors, and smart refrigerators make up the Internet of Things, a cybersecurity weak link. Many devices have easy-to-guess default passwords and lack security updates, putting users at risk of hacking.
The Biden administration claims its voluntary Energy Star-influenced labeling system will “raise the bar” for IoT security by helping Americans choose secure internet-connected devices. The U.S. Cyber Trust Mark will be a shield logo on cybersecurity-compliant products.
The NIST criteria require devices to have unique and strong default passwords, protect stored and transmitted data, offer regular security updates, and have incident detection capabilities.
The standards list is incomplete. The White House said NIST will immediately begin defining cybersecurity standards for “higher-risk” consumer-grade routers, which attackers often target to steal passwords and create botnets for DDoS attacks. By 2023, this work will be finished so the initiative can cover these devices in 2024.
The White House told reporters that the Cyber Trust Mark will include a QR code that links to a national registry of certified devices and provides current security information like software updating policies, data encryption standards, and vulnerability remediation.
“We didn’t want to create a label that said this product had been certified and secured and then stayed secure forever,” a senior administration official said. “The QR code will update you on cyber security standards.”
The White House said Amazon and Best Buy have joined the initiative to promote labeled products in stores and online. Cisco, Google, LG, Qualcomm, and Samsung also joined the voluntary labeling initiative.
On Tuesday, the U.S. Department of Energy announced it is working with industry partners to develop cybersecurity labeling requirements for smart meters and power inverters. The initiative will initially focus on high-risk consumer devices.