The White House and the Federal Communications Commission (FCC) told reporters on Monday that a new cybersecurity labeling program for smart devices will launch by 2024 with the participation of several major retailers, including Amazon, Best Buy, Google, Logitech and Samsung.
The program, which will be known as the US Cyber Trust Mark, draws on voluntary commitments from manufacturers who have agreed to a certification program based on a set of cybersecurity criteria developed by the National Institute of Standards and Technology (NIST), including that which the White House described as unique and secure default passwords, data protection, software updates and incident detection capabilities.
Under the program, manufacturers who accept the certification will be able to use a shield logo label on their products, signaling to consumers that they have accepted NIST standards. The program will be administered by the FCC, with support from the Cybersecurity and Infrastructure Security Agency (CISA). The FCC will seek public comment on the proposed program in the coming months. Regulatory authorities, including the Department of Justice, will design standards for oversight and enforcement.
The program aims to improve the security of consumer-grade routers, a high-value target for hackers, and curb the growth of botnets that rely on compromised smart devices. The labels will be available for widely used consumer products including smart refrigerators, smart microwaves, smart TVs, and smart fitness trackers, among others.
Consumers will be the beneficiaries because they will be able to make informed purchasing decisions when they see this brand, FCC Chair Jessica Rosenworcel said at a press conference announcing the program. They can rest assured that the products they are bringing into their homes adhere to widely accepted security and privacy standards.
Rosenworcel added that manufacturers will also benefit from having an easy way to differentiate product offerings so they can better market safe devices.
A parallel Energy Department effort, announced Tuesday, will extend the concept of cybersecurity tagging to smart meters and power inverters, both critical building blocks for clean energy and the smart grid, the White House said in a statement. press. The administration also instructed the State Department to work with allies to encourage aligned programs overseas.
A cybersecurity and privacy expert whose research informed the White House’s efforts said he has conducted studies showing consumers will pay more for products with advanced cybersecurity protections because they recognize the vulnerability of smart devices.
Yuvraj Agarwal, a fellow at the Carnegie Mellons CyLab Security and Privacy Institute, has been researching the matter for five years and worked closely with the White House to develop the new program.
People will pay significant premiums for devices that have better security and privacy that are clearly disclosed, as opposed to devices that have no privacy or security factors disclosed, Agarwal told Recorded Future News, citing his research.
Documented incidents in which devices such as baby monitors were hacked, allowing hackers to film from private homes without victims knowing they were being spied on, have spurred consumer demand for a tagging program, Agarwal said.
A device with ads, which shares my data, costs $10 and the device that doesn’t cost me $20, she said. The fact is, privacy is paramount.
The label could also help consumers avoid breaches caused by Mirai malware, which turns smart devices running on ARC processors into remotely controlled bots and is often used to launch distributed denial-of-service attacks. The attacks work by flooding victims’ websites with junk traffic, making them unreachable.
Agarwal said the publicity surrounding Mirai and privacy violations such as the Federal Trade Commission’s recent investigation of Amazon for keeping children’s voice recordings indefinitely, while not disclosing the practice to parents, have boosted market demand. of safer products.
But consumers often don’t know how to rate the cybersecurity of products on their own, making a universally recognizable label valuable, he said.
I found it quite reassuring and surprising that people, once you show them the label and show them what they might know [smart] devices really want it, he said. This is an idea whose time has come.
Registered future
Cloud intelligence.
Learn more.
Suzanne Smalley
Suzanne Smalley is a privacy, disinformation, and cybersecurity policy reporter for The Record. She previously was a cybersecurity reporter at CyberScoop and Reuters. Early in her career Suzanne covered the Boston Police Department for the Boston Globe and two rounds of presidential campaigns for Newsweek. She lives in Washington with her husband and three children.
#cybersecurity #labeling #program #Internetconnected #devices #launch #year #White #House
Image Source : therecord.media
