Smart fridge or smart bomb? How not to fall for the trick of hackers when buying smart devices
The US government is launching a cybersecurity product labeling program.
If you’re looking to buy a smart TV, fitness tracker, or other internet-connected device, you’ll soon be able to see hacker-proof labels on them.
The program is designed to strengthen the cybersecurity of the country as a whole by guiding Americans who may be interested in smart home devices or wearable gadgets to products that meet the security criteria defined by the National Institute of Standards and Technology (NIST).
The markings will be in the form of a “separate shield logo,” the White House said. Products that qualify for the label, for example, may include technology that requires strong passwords and provides regular software updates to protect against the latest threats.
A wide variety of products could be eligible for the program, the administration said, including smart refrigerators, microwave ovens, thermostats, home voice assistants and, later in the year, WiFi routers, after NIST develops cybersecurity standards for them.
For years, cybersecurity has been sidelined in the market for so-called “Internet of Things” (IoT) devices, which, according to security experts, favored low cost over security. One of the most famous examples of IoT security failures came in 2016, when attackers used an army of infected computers known as the Mirai botnet to disrupt access to Twitter, PayPal, and others.
Products certified under the new program may have a QR code that links to a national database confirming their participation in the program, the administration added in a message.
The launch of the program can take place not earlier than in a year. But the administration took its first steps towards implementation on Tuesday, when the Federal Communications Commission (FCC) filed for a “US Cyber Trust Mark” trademark.
The FCC, which regulates wireless devices, has also issued a formal proposal that will be open to public comment on how it should manage the program.
“This new labeling program will help provide Americans with greater confidence in the cybersecurity of the products they use and rely on in their daily lives,” the administration said in a statement. “It will also be good for businesses as it will help highlight trusted products in the market.”
The government proposal comes two years after President Joe Biden signed an executive order calling for the creation of “a type of ‘energy star’ label” for tech products.
The order highlighted how the administration can use product labeling, combined with the federal government’s vast purchasing power, to shape commercial markets and raise the bar for companies that sell technology to both US agencies and consumers.
Companies including Amazon, Best Buy, Cisco, Google, LG, Logitech, Samsung and others have pledged to help the government’s product labeling effort, pledging to improve the cybersecurity of their products, the White House said on Tuesday.
Dave DeWalt, CEO of cybersecurity investment firm NightDragon, said the government’s move could help tackle the “perfect storm” of billions of insecure IoT devices.
“Market forces alone have never been enough to force manufacturers to step up and provide safer devices,” he said. “We have taken a significant step in the right direction to put the power back in the hands of consumers to choose the best security.”
In this regard, the Consumer Technology Association said on Tuesday that its next annual trade show, CES 2024, will feature “certification-ready products” after the FCC approves its rules.