SoatDev IT Consulting
SoatDev IT Consulting
  • About us
  • Expertise
  • Services
  • How it works
  • Contact Us
  • News
  • July 18, 2023
  • Rss Fetcher
A collection of warning signs, bugs, and notifications emulating malware or a cyber attack. The images are placed in a connected web against a blue background.
Illustration by Carlo Cadenas / The Verge

The Biden Administration is unveiling a new cybersecurity label for smart devices today. In a press briefing, Federal Communications Commission (FCC) Chairwoman Jessica Rosenworcel said the new label, called the US Cyber Trust Mark, will signify that devices bearing it meet security standards based on those established in a report by the National Institute of Standards and Technology (NIST). The voluntary program is expected to be in place in 2024, with the labels hitting devices “soon after.”

The program is meant to cover connected devices commonly found in the home like smart refrigerators, smart microwaves, smart televisions, and smart climate control systems. But the announcement also lists “smart fitness trackers” as a device that would be covered by the certification and labeling program suggesting ambitions beyond the smart home. It has the voluntary support of several electronics, appliance, and consumer product manufacturers, retailers, and trade associations including Google, Samsung, Logitech, Amazon, Best Buy, and the Connectivity Standards Alliance (home of the Matter smart home standard).

Think Energy Star, but for the security of smart devices.

The FCC is “acting under its authorities to regulate wireless communication devices” to propose the certification and labeling program, which it says would require “strong default passwords, data protection, software updates, and incident detection capabilities,” according to a press release. Rosenworcel likened it to Energy Star, which denotes products such as computers or appliances that meet certain energy efficiency standards.

The Cyber Trust label is comprised of two parts: a logo stamped on the box of a product, and a QR code that buyers can scan later to verify that the device is still certified as cybersecurity threats evolve and patches are needed. I wondered in an interview with Deputy National Security Advisor Anne Neuberger if the QR code would be used to give people more detailed security information about a product, such as whether a product requires a constant internet connection to be operable. Neuberger reiterated that the QR code will help keep customers up to date, encouraging ideas like this via public comment when the time comes.

A senior FCC official said during the Q&A session after the briefing that the Commission is considering annual recertifications, but the intervals haven’t yet been decided. As for who will handle certification, Neuberger said that would fall to third-party labs like the Connectivity Standards Alliance or the Consumer Technology Association.

Neuberger said the label is necessary to “drive the market to build more secure products by design,” saying that companies being able to differentiate themselves with such a label could make them more comfortable with the higher costs of better security.

She also said the program will help drive accountability, as smart home products will have to continue issuing security patches as needed to retain their Cyber Trust label. Neuberger said in an interview with The Verge that there’s always going to be “a new zero day,” calling it “troublesome” that, at times, when the intelligence community discloses an IoT vulnerability to companies, they say they’re done with those products and won’t issue a patch.

During the interview, Neuberger pointed to the NIST report when asked what the FCC will consider an “IoT product” under the Cyber Trust labeling program. Essentially, according to the NIST any network-connected device with a “sensor or actuator” can be considered an “IoT device,” while the whole of that device — the associated app, the cloud backend, and required bespoke hubs — is considered the “IoT product.”

Separate networking devices like Zigbee and Z-Wave hubs that aren’t associated with any one device, though, are instead lumped in with Wi-Fi routers, which weren’t examined as part of the report. The NIST is defining the cybersecurity requirements of consumer-grade routers as a priority given the risks they present to eavesdropping, password theft, and other nefarious activities in targeted homes. It expect to complete this work by the end of 2023 so that the Commission can consider the cybersecurity requirements of routers for inclusion in the labeling program.

The Biden administration is expected to reveal the new Cyber Trust logo later today with a livestream from The White House from 9:30AM to 11AM ET, unveiling more detail about the program and which companies have already committed to it.

So far, the administration lists the following “participants” in support of today’s announcement:

Amazon, Best Buy, Carnegie Mellow University, CyLab, Cisco Systems, Connectivity Standards Alliance, Consumer Reports, Consumer Technology Association, Google, Infineon, the Information Technology Industry Council, IoXT, KeySight, LG Electronics U.S.A., Logitech, OpenPolicy, Qorvo, Qualcomm, Samsung, UL Solutions, Yale and August U.S.

Previous Post
Next Post

Recent Posts

  • Naukri exposed recruiter email addresses, researcher says
  • Khosla Ventures among VCs experimenting with AI-infused roll-ups of mature companies
  • Presidential seals, ‘light vetting,’ $100,000 gem-encrusted watches, and a Marriott afterparty
  • Zoox issues second robotaxi software recall in a month following collision 
  • Landa promised real estate investing for $5. Now it’s gone dark.

Categories

  • Industry News
  • Programming
  • RSS Fetched Articles
  • Uncategorized

Archives

  • May 2025
  • April 2025
  • February 2025
  • January 2025
  • December 2024
  • November 2024
  • October 2024
  • September 2024
  • August 2024
  • July 2024
  • June 2024
  • May 2024
  • April 2024
  • March 2024
  • February 2024
  • January 2024
  • December 2023
  • November 2023
  • October 2023
  • September 2023
  • August 2023
  • July 2023
  • June 2023
  • May 2023
  • April 2023

Tap into the power of Microservices, MVC Architecture, Cloud, Containers, UML, and Scrum methodologies to bolster your project planning, execution, and application development processes.

Solutions

  • IT Consultation
  • Agile Transformation
  • Software Development
  • DevOps & CI/CD

Regions Covered

  • Montreal
  • New York
  • Paris
  • Mauritius
  • Abidjan
  • Dakar

Subscribe to Newsletter

Join our monthly newsletter subscribers to get the latest news and insights.

© Copyright 2023. All Rights Reserved by Soatdev IT Consulting Inc.