Tag Archive for: labeling

Cybersecurity labeling for smart devices aims to help people choose those less vulnerable to hacking


WASHINGTON — The Biden administration and major consumer technology players on Tuesday launched an effort to put a nationwide cybersecurity certification and labeling program in place to help consumers choose smart devices that are less vulnerable to hacking.

Officials likened the new U.S. Cyber Trust Mark initiative — to be overseen by the Federal Communications Commission, with industry participation voluntary — to the Energy Star program, which rates appliances’ energy efficiency.

“It will allow Americans to confidently identify which internet- and Bluetooth-connected devices are cybersecure,” deputy national security adviser Anne Neuberger told reporters in a pre-announcement briefing.

Amazon, Best Buy, Google, LG Electronics USA, Logitech and Samsung are among industry participants.

Devices including baby monitors, home security cameras, fitness trackers, TVs, refrigerators and smart climate control systems that meet the U.S. government’s cybersecurity requirements will bear the “Cyber Trust” label, a shield logo, as early as next year, officials said.

FCC Chairwoman Jessica Rosenworcel said the mark will give consumers “peace of mind” and benefit manufacturers, whose products would need to adhere to criteria set by the National Institute of Standards and Technology to qualify.

The FCC was launching a rule-making process to set the standards and seek public comment. Besides carrying logos, participating devices would have QR codes that could be scanned for updated security information.

In a statement, the Consumer Technology Association said consumers could expect to see certification-ready products at the industry’s annual January show, CES 2024, once the FCC adopts final rules. A senior Biden administration official said it was expected that products that qualify for the logo would undergo an annual re-certification.

The director of technology policy at Consumer Reports, Justin Brookman, welcomed the White House proposal but cautioned in a statement that “a long road remains” to its effective adoption.

“Our hope is that this label will ignite a healthy sense of competition in the marketplace, compelling manufacturers to safeguard both the security and…

Source…

Samsung Partners with the White House to Launch a Cybersecurity Labeling Program to Protect American Consumers


On July 18, 2023, the White House auditorium served as the backdrop for a significant milestone in the convergence of the tech sector and government. Located in the Eisenhower Executive Office Building, steps away from the West Wing, it hosted the U.S. government’s announcement of the U.S. Cyber Trust Mark program, an initiative aiming to guide consumers toward cybersecurity-conscious purchasing decisions.

samsung-us-cybertrust-program

The U.S. Cyber Trust Mark is an initiative propelled into reality by Chairwoman Jessica Rosenworcel of the Federal Communications Commission, with robust support from both the White House and the National Security Council. Its aim is to introduce a labeling system for consumer electronics and appliances, providing a valuable key to understanding the cybersecurity strengths and weaknesses of products people bring into their homes. This move will empower consumers, enabling them to make well-informed decisions about the technological devices they choose to incorporate into their daily lives.

As a global tech giant, and a longtime proponent of cybersecurity, has been a longstanding supporter of such measures. Ever since the company launched its security guidelines as part of the “Works with SmartThings” program in 2018 – a precursor to existing global Internet of Things (IoT) standards – it has championed voluntary cyber-labeling programs.


SmartThings

At a roundtable discussion held as part of the event, Samsung was represented by Jaeyeon Jung, Executive Vice President and Head of SmartThings. She relayed the company’s commitment to the U.S. Cyber Trust Mark initiative, underscoring it as a high-priority undertaking for Samsung. This commitment extends to Samsung’s own range of connected products as well as to the open multi-brand IoT ecosystem facilitated by the SmartThings platform.

samsung-partners-white-house

Jung emphasized that SmartThings is not only a secure platform but also one that is open and interoperable. She noted that all devices integrated into this platform must pass rigorous functional testing to ensure seamless interoperability. In addition, they must undergo extensive security testing to guarantee

Source…

US to launch ‘labeling’ rating program for internet-connected devices in 2023 • TechCrunch


The Biden administration said it will launch a cybersecurity labeling program for consumer Internet of Things devices starting in 2023 in an effort to protect Americans from “significant national security risks.”

It’s no secret that IoT devices generally have weak security postures. Weak default passwords have allowed botnet operators to hijack insecure routers to pummel victims with floods of internet traffic, knocking entire websites and networks offline. Other malicious hackers target IoT devices as a way to get a foot into a victim’s network, allowing them to launch attacks or plant malware from the inside.

As American consumers continue to fill their homes with more of these potentially insecure devices, from routers and smart speakers to internet-connected door locks and security cameras, the U.S. government wants to help educate them about the security risks.

Inspired by Energy Star, a labeling program operated by Environmental Protection Agency and the Department of Energy to promote energy efficiency, the White House is planning to roll out a similar IoT labeling program to the “highest-risk” devices starting next year, a senior Biden administration official said on Wednesday following a National Security Council meeting with consumer product associations and device manufacturers.

Attendees at the meeting included White House cyber official Anne Neuberger, FCC chairwoman Jessica Rosenworcel, National Cyber Director Chris Inglis and Sen. Angus King, alongside leaders from Google, Amazon, Samsung, Sony and others.

The initiative, described by White House officials as “Energy Star for cyber,” will help Americans to recognize whether devices meet a set of basic cybersecurity standards devised by the National Institute of Standards and Technology (NIST) and the Federal Trade Commission (FTC).

Though specifics of the program have not yet been confirmed, the administration said it will “keep things simple.” The labels, which will be “globally recognized” and debut on devices such as routers and home cameras, will take the form of a “barcode” that users can scan using their smartphone rather than a static paper label, the…

Source…

NIST provides recommended criteria for cybersecurity labeling for consumer software and IoT products


Will NIST’s cybersecurity labeling for consumer software and IoT products help us achieve better security? Our experts weigh in.

NIST cybersecurity labeling recommendations | Synopsys

If one of the goals of President Biden’s May 2021 “Executive Order on Improving the Nation’s Cybersecurity” is fulfilled, you’ll be able to look for a quality and security assurance label on any software product you consider buying. To which anyone who cares about such things—and everybody should—might say “it’s about time.”

Indeed, consumer labeling has long been mainstream when it comes to just about everything else. We take for granted that what we plan to eat or drink has a list of ingredients on the packaging or container. The U.S. Department of Agriculture has a label that food vendors can use if their product is certified organic. Most of us are familiar with the Good Housekeeping Seal and UL certification, which offer some assurance that a vast range of products meet a minimum quality standard. “Look for the union label” has been a slogan for almost 50 years.

But details or seals of approval on the quality of software ingredients? Not so much. Pretty much not at all.

Current state of consumer cybersecurity awareness

While Americans rely on software for just about everything in modern life—communication (email, text, phone), social media, online purchases, games, research, home security, transportation, and much, much more—most remain only dimly aware of what it is, how it works, and the level of its quality and security. 

As the National Institute of Standards and Technology (NIST) recently put it, “most consumers take for granted and are unaware of the software upon which many products and services rely, [and] the very notion of what constitutes software may even be unclear.” That is, in large measure, because consumers aren’t told much of anything about it. They generally see only what it does, not what it is, who made it, how it works, or how it could put them at risk. 

The Biden executive order (EO) is obviously aimed at closing that gap in consumer awareness. It calls for NIST, the Federal Trade Commission, and other agencies to “initiate pilot programs informed by existing consumer product labeling…

Source…