Oct 31, 2022Recently, the White House hosted a group of government and industry partners, who met to discuss the development and implementation of a voluntary labeling program in the United States that would utilize Internet of Things (IoT) technologies. The purpose of this program, expected to roll out in the spring of 2023, will be to create a common label that can identify for consumers which devices available on the market meet stringent cybersecurity standards.
The goal is to help shoppers protect themselves against vulnerabilities, a problem that has been on the rise in recent years. In May 2021, the White House issued Executive Order 14028, "Improving the Nation's Cybersecurity," which directed the National Institute of Standards and Technology (NIST) to come up with pilot programs designed to educate the public on the potential security vulnerabilities and capabilities presented by devices connected via the Internet of Things. The resultant program will establish labels that would be internationally recognized, and that would enable shoppers to make informed choices when purchasing Internet-enabled devices.
The program is currently in development, according to an article posted at the JD Supra Knowledge Center. As the article explains, "The label likely will include information about whether the product complies with U.S. government and international security standards; the amount of information collected on consumers; and whether data is encrypted. Because the nature of cybersecurity is fluid, the label will also contain a barcode that consumers can scan to receive the most up-to-date information about the security of that device." In a statement released by the White House, Adrienne Watson, a spokesperson for the National Security Council, provided further information about the program:
"Yesterday, the White House convened leaders from the private sector, academic institutions, and the U.S. Government to advance a national cybersecurity labeling program for Internet-of-Things (IoT) devices. The Biden-Harris Administration has made it a priority to strengthen our nation's cybersecurity, and a key part of that effort is ensuring the devices that have become a commonplace in the average American household—like baby monitors or smart home appliances—are protected from cyber threats. A labeling program to secure such devices would provide American consumers with the peace of mind that the technology being brought into their homes is safe, and incentivize manufacturers to meet higher cybersecurity standards and retailers to market secure devices.
"Yesterday's dialogue focused on how to best implement a national cybersecurity labeling program, drive improved security standards for Internet-enabled devices, and generate a globally recognized label. Government and industry leaders discussed the importance of a trusted program to increase security across consumer devices that connect to the Internet by equipping devices with easily recognized labels to help consumers make more informed cybersecurity choices (e.g., an 'EnergyStar' for cyber). These conversations build on the foundational work that has been pioneered by the private sector and the National Institute of Standards and Technology (NIST) to help build more secure Internet-connected devices. It also follows President Biden's Executive Order on Improving the Nation's Cybersecurity, which highlighted the need for improved IoT security and tasked NIST, in partnership with the Federal Trade Commission, to advance improved cybersecurity standards and standardized product labels for these devices."
This sounds like a worthy program, one that could benefit consumers and manufacturers alike. The more we connect devices via the Internet, the more we open ourselves up to potential security vulnerabilities, so it's vital that citizens and businesses be protected from bad actors. A national cybersecurity labeling program is a step in the right direction toward making sure proper precautions are put in place.
Rich Handley has been the managing editor of RFID Journal since 2005. Outside the RFID world, Rich has authored, edited or contributed to numerous books about pop culture. You can contact Rich via email.
