In an effort to protect Americans from “significant national security risks,” the Biden administration said it will launch a cybersecurity labeling program for consumer Internet of Things devices in 2023.
It’s no secret that most IoT devices have poor security postures. Because of weak default passwords, botnet operators have been able to hijack insecure routers and flood victims with internet traffic, knocking entire websites and networks offline.
Other malicious hackers use IoT devices to gain access to a victim’s network, allowing them to launch attacks or plant malware from within.
As more of these potentially insecure devices enter American homes, from routers and smart speakers to internet-connected door locks and security cameras, the US government wants to help educate them about the security risks.
Inspired by Energy Star, a labeling program run by the Environmental Protection Agency and the Department of Energy to promote energy efficiency, the White House plans to roll out a similar IoT labeling program to the “highest-risk” devices starting next year,
according to a senior Biden administration official speaking after a National Security Council meeting with consumer product associations and device manufacturers on Wednesday.
The meeting was attended by White House cyber official Anne Neuberger, FCC chairwoman Jessica Rosenworcel, National Cyber Director Chris Inglis, and Sen. Angus King, as well as leaders from Google, Amazon, Samsung, Sony, and others.
The initiative, dubbed “Energy Star for cyber” by White House officials, will assist Americans in determining whether devices meet a set of basic cybersecurity standards developed by the National Institute of Standards and Technology (NIST) and the Federal Trade Commission (FTC).
Though the program’s specifics have yet to be confirmed, the administration has stated that it will “keep things simple.”
The labels, which will be “globally recognized” and will first appear on devices such as routers and home cameras, will be in the form of a “barcode” that users can scan with their smartphone rather than a static paper label, according to an administration official.
The scanned barcode will provide access to information based on industry standards, such as software updating policies, data encryption, and vulnerability remediation.
MORE FROM RAVZGADGET: ‘Crisis Core: Final Fantasy 7 Reunion’ Scales Up A PSP Game To PS5
The announcement comes after the White House directed NIST and the FTC last year to investigate two pilot programs for labeling cybersecurity capabilities in IoT devices.
It also follows the UK government’s introduction of an IoT security bill in Parliament last year, which requires device manufacturers, importers, and distributors to meet certain cybersecurity standards.