In an effort to protect Americans from “significant national security risks,” the Biden administration said it will launch a cybersecurity labeling program for consumer Internet of Things devices in 2023.
It’s no secret that most IoT devices have poor security postures. Because of weak default passwords, botnet operators have been able to hijack insecure routers and flood victims with internet traffic, knocking entire websites and networks offline. Other malicious hackers use IoT devices to gain access to a victim’s network, allowing them to launch attacks or plant malware from within.
As more of these potentially insecure devices enter American homes, from routers and smart speakers to internet-connected door locks and security cameras, the US government wants to help educate them about the security risks.
Inspired by Energy Star, a labeling program run by the Environmental Protection Agency and the Department of Energy to promote energy efficiency, the White House plans to launch a similar IoT labeling program for the “highest-risk” devices next year, a senior Biden administration official said on Wednesday after a meeting with consumer product associations and device manufacturers at the National Security Council.
Participants included White House cyber official Anne Neuberger, FCC chairwoman Jessica Rosenworcel, NC director Chris Inglis, and Sen. Angus King, as well as executives from Google, Samsung, Amazon, and others.
The initiative, dubbed “Energy Star for cyber” by White House officials, will assist Americans in determining whether devices meet a set of basic cybersecurity standards developed by the National Institute of Standards and Technology and the Federal Trade Commission.
Instead of a static paper label, the labels will be in the form of a “barcode” that users can scan with their smartphone.
The scanned barcode will provide access to information based on industry standards, such as software updating policies, data encryption, and vulnerability remediation.