/cdn.vox-cdn.com/uploads/chorus_asset/file/24016885/STK093_Google_04.jpg)
/cdn.vox-cdn.com/uploads/chorus_asset/file/24808816/Starfield__The_Settled_Systems___Supra_Et_Ultra_____Starfield__The_Settled_Systems___Supra_Et_Ultra_2023_7_25_94252.263_1440p_streamshot.png)
/cdn.vox-cdn.com/uploads/chorus_asset/file/23249791/VRG_ILLO_STK001_carlo_cadenas_cybersecurity_virus.jpg)
The Biden administration is unveiling a new cyber security label for smart devices today. In a press briefing, Federal Communications Commission (FCC) chair Jessica Rosenworcel said that the new label, called the US Cyber Trust Mark, indicates that devices bearing it meet the security standards based on them. Established In a report by the National Institute of Standards and Technology (NIST). The voluntary program is expected to go into effect in 2024, with the labels appearing on devices “soon thereafter”.
The program aims to cover connected devices commonly found in the home such as smart refrigerators, smart microwaves, smart televisions and smart climate control systems. But the announcement also listed “smart fitness trackers” as a device that would be covered by the certification and labeling program, suggesting ambitions beyond the smart home. It is supported voluntarily by a number of electronics, appliance and consumer product manufacturers, retailers and trade associations, including Google, Samsung, Logitech, Amazon, Best Buy and the Connectivity Standards Alliance (home of the MATTER smart home standard).
According to a press release, the FCC is “working under its authority to regulate wireless communications equipment” to propose a certification and labeling program that it says will “enforce strong default passwords, data security, software updates and event detection capabilities”. Rosenworcel compared it to the Energy Star, which denotes products such as computers or appliances that meet certain energy efficiency standards.
The CyberTrust label consists of two parts: a logo imprinted on the product’s box, and a QR code that buyers can later scan to verify that the device is still certified as cyber security threats evolve and patches are required . In an interview with Deputy National Security Advisor Anne Neuberger, I wondered whether QR codes would be used to give people more detailed security information about a product, such as whether a product requires a constant Internet connection to operate. Is required. Neuberger reiterated that the QR code would help keep customers updated, encouraging such ideas through public comment in time.
A senior FCC official said during a question-and-answer session after the briefing that the commission is considering annual recertification, but the interval has not yet been decided. As for who would handle the certification, Neuberger said it would depend on third-party labs like the Connectivity Standards Alliance or the Consumer Technology Association.
Neuberger stated that the label is necessary to “inspire the market to make more secure products by design”, adding that companies being able to differentiate themselves with such a label would save them the higher cost of better security. Together can make you more comfortable.
He also said the program will help increase accountability, as smart home products will need to continue to issue security patches as needed to maintain their CyberTrust label. Neuberger said in an interview ledge It’s always been called “a new zero day.” It’s been called “disturbing.” Sometimes, when the intelligence community discloses IoT vulnerabilities to companies, they say they’ve done work with those products. Done and will not be releasing any patches.
During the interview, when Neuberger was asked what “IoT products” the FCC would consider under the Cybertrust labeling program, he pointed to the NIST report. Essentially, according to NIST any network-connected device with a “sensor or actuator” can be considered an “IoT device”, while that entire device – the associated app, cloud backend and required bespoke hub – can be considered an “IoT device”. goes. “IoT Products”.
However, separate networking devices that aren’t connected to a single device, such as Zigbee and Z-Wave hubs bundled with Wi-Fi routers, were not investigated as part of the report. NIST is defining the cyber security requirements of consumer-grade routers as a priority given the threat of snooping, password theft and other nefarious activities in targeted homes. It hopes to complete this work by the end of 2023 so that the Commission can consider the cyber security requirements of routers for inclusion in the labeling programme.
The Biden administration is expected to unveil the new CyberTrust logo today with a livestream from the White House from 9:30 a.m. to 11 a.m. ET, revealing more details about the program and which companies have already committed to it. .
So far, the Administration lists the following “participants” in support of today’s announcement:
Amazon, Best Buy, Carnegie Mellow University, Scilab, Cisco Systems, Connectivity Standards Alliance, Consumer Reports, Consumer Technology Association, Google, Infineon, Information Technology Industry Council, IoXT, Keysight, LG Electronics USA, Logitech, OpenPolicy, Quorvo, Qualcomm, Samsung, UL Solutions, Yale and August US
/cdn.vox-cdn.com/uploads/chorus_asset/file/23249791/VRG_ILLO_STK001_carlo_cadenas_cybersecurity_virus.jpg&description=The%20Biden%20administration%20is%20tackling%20smart%20devices%20with%20new%20cyber%20security%20labels){kind=link}