Cybersecurity labeling program for smart devices announced - Los Angeles Times
Advertisement

Biden administration announces cybersecurity labeling program for smart devices

The seal of the Federal Communications Commission
The new U.S. Cyber Trust Mark initiative, which aims to help consumers choose smart devices that are less vulnerable to hacking, will be overseen by the Federal Communications Commission.
(Jacquelyn Martin / Associated Press)
Share via

The Biden administration and major consumer technology players on Tuesday launched an effort to put a nationwide cybersecurity certification and labeling program in place to help consumers choose smart devices that are less vulnerable to hacking.

Officials likened the new U.S. Cyber Trust Mark initiative — to be overseen by the Federal Communications Commission, with industry participation voluntary — to the Energy Star program, which rates appliances’ energy efficiency.

“It will allow Americans to confidently identify which internet- and Bluetooth-connected devices are cybersecure,†deputy national security advisor Anne Neuberger told reporters in a pre-announcement briefing.

Advertisement

Amazon, Best Buy, Google, LG Electronics USA, Logitech and Samsung as among the industry participants.

Devices including baby monitors, home security cameras, fitness trackers, TVs, refrigerators and smart climate control systems that meet the U.S. government’s cybersecurity requirements will bear the “Cyber Trust†label, a shield logo, as early as next year, officials said.

An ambitious new White House cybersecurity strategy calls for bolstering protections of critical sectors and making software companies legally liable when their products don’t meet basic standards.

FCC Chairwoman Jessica Rosenworcel said the mark will give consumers “peace of mind†and benefit manufacturers, whose products would need to adhere to criteria set by the National Institute of Standards and Technology to qualify.

Advertisement

The FCC was launching a rule-making process to set the standards and seek public comment. Besides carrying logos, participating devices would have QR codes that could be scanned for updated security information.

In a statement, the Consumer Technology Assn. said consumers could expect to see certification-ready products at the industry’s annual January show, CES 2024, once the FCC adopts final rules. A senior Biden administration official said it was expected that products that qualify for the logo would undergo an annual recertification.

The director of technology policy at Consumer Reports, Justin Brookman, welcomed the White House proposal but cautioned in a statement that “a long road remains†to its effective adoption.

Advertisement

“Our hope is that this label will ignite a healthy sense of competition in the marketplace, compelling manufacturers to safeguard both the security and privacy of consumers who use connected devices and to commit to supporting those devices for the lifetime of those products.â€

The Cyber Trust initiative was first announced in October after a meeting between White House and tech industry representatives.

The proliferation of so-called smart devices has coincided with growing cybercrime in which one insecure device can often give a cyberintruder a dangerous foothold on a home network.

Outdated software, aging infrastructure and other weaknesses leave California’s critical water supply vulnerable to cyberattacks and other threats.

An April report from the cybersecurity firm Bitdefender and networking equipment company NetGear, based on their monitoring of smart homes, found that the most vulnerable devices in 2022 were, far and away, smart TVs, followed by smart plugs, routers and digital video recorders.

Providers of numerous smart home devices often don’t update and patch software fast enough to thwart newly emerging malware threats. The Cyber Mark standards are expected to make clear which devices patch vulnerable software in a timely fashion and secure their communications to preserve privacy, officials said. Also important will be informing consumers which devices are equipped to detect intrusions.

Advertisement