The next time you’re in the market for a smart TV, fitness tracker or other connected gadget, you could see a new US government-backed label identifying some products as being particularly hardened against hackers.
On Tuesday, the Biden administration announced it’s moving to implement a cybersecurity labeling program aimed at helping consumers pick out trustworthy tech products that are rated as more secure than the competition.
The program seeks to bolster the nation’s cybersecurity overall by guiding Americans who may be in the market for smart home tech or wearables toward products that meet a high standard for cybersecurity as defined by the National Institute of Standards and Technology (NIST).
The label will appear as a “distinct shield logo,” according to the White House. Products that meet the criteria for the label could include tech that requires strong passwords and that provides regular software updates to guard against the latest threats, for example.
A wide range of products could be covered, the administration said, including smart refrigerators, microwave ovens, thermostats, home voice assistants and — eventually — WiFi routers, after NIST finishes designing cybersecurity standards for them later this year.
For years, cybersecurity has been an afterthought in a market for so-called “internet of things” (IoT) devices that prioritizes low costs over security, according to security experts. One of the more famous examples of IoT security failures came in 2016, when criminal hackers used an army of infected computers, known as the Mirai botnet, to disrupt access to the websites of Twitter, PayPal, and others.
Products certified under the new program may come with a QR code that links to a national database affirming its participation, the administration added in a release.
The launch of the program could still be as far as a year away. But the administration took its first steps toward implementation on Tuesday as the Federal Communications Commission applied for a trademark linked to the effort, known as the “US Cyber Trust Mark.”
The FCC, which regulates wireless devices, also issued a formal proposal that will be open for public feedback on how it should manage the program.
“This new labeling program would help provide Americans with greater assurances about the cybersecurity of the products they use and rely on in their everyday lives,” the administration said in a statement. “It would also be beneficial for businesses, as it would help differentiate trustworthy products in the marketplace.”
The government proposal comes two years after President Joe Biden signed an executive order calling for an “‘energy star’ type of label” for tech products. At the time, the US government was still reeling from a crippling ransomware attack days earlier that had forced a temporary shutdown of Colonial Pipeline, one of the country’s largest fuel pipeline operators.
The executive order highlighted how the administration could use product labeling, combined with the federal government’s immense procurement power, to shape commercial markets and raise the bar for companies that sell technology to both US agencies and ordinary consumers.
Companies including Amazon, Best Buy, Cisco, Google, LG, Logitech, Samsung and others pledged to assist in the government’s labeling push by committing to increase the cybersecurity of their products, the White House said Tuesday.
Dave DeWalt, CEO of the cybersecurity-focused investment firm NightDragon, said the government’s move could help address a “perfect storm” of billions of insecure IoT devices.
“Market forces alone were never going to be sufficient to force manufacturers to step up and deliver more secure devices,” he said. “We’ve taken an essential step now in the right direction to put the power back in the hands of the consumers to choose better security.”
The Consumer Technology Association said Tuesday its next annual trade show, CES 2024, will feature “certification-ready products” once the FCC finalizes its rules.
Read the full article here
