A senior administration official said the White House is beginning with a label that will focus on some of the most at-risk technologies – and that the National Institute of Standards and Technology will play a major role in getting it done.
The White House is aiming to unveil an “initial scope” of a new security label for Internet of Things devices by spring 2023, initially focusing on some of the most at-risk technologies – including routers and home cameras, according to a senior administration official.
The administration convened cybersecurity groups, private companies, government partners and trade associations for a strategic listening session on Wednesday about efforts to develop a common label to communicate the cyber safety of devices that have met a set of standards which are still in development.
A senior administration official who spoke on background to reporters following the meeting said the White House was planning a final update to its proposal for the common label after receiving input from key stakeholders on compliance methods, steps to drive security outcomes and ways to educate consumers about the new label.
The official also said the National Institute of Standards and Technology (NIST) will play a “major role” in issuing certifications for the label.
The government has been pushing to implement IoT security standards and develop a common label for internet devices under multiple administrations, though a former government official speaking on background previously told FCW last year that cyber labeling policy would require industry buy-in.
The new label will signal that devices have been tested by “vetted and approved entities” so consumers can “easily identify secure tech to bring into their homes.” Officials have compared the forthcoming security label to Energy Star labels for products that have met specific energy efficiency requirements.
A representative for Google confirmed the company participated in the White House discussion this week and presented the administration with details about its own efforts to secure IoT products.
Other participants included companies like Amazon, Sony, AT&T and Comcast, as well as Sen. Angus King (I-Maine) who served as co-chair of the Solarium Commission, and officials from the National Security Council, the Office of the National Cyber Director and the Department of Homeland Security, according to an administration spokesperson.
Legislation and recent executive orders have tasked NIST with much of the work, including developing IoT cybersecurity standards for federal procurement, setting benchmarks for security labels and figuring out ways to get manufacturers on board with the new labeling scheme.
In addition to the new IoT labels, the White House also announced this month its intention to leverage federal procurement powers for the first time to bolster cybersecurity among software products. An official with the Office of Management and Budget told FCW that the Federal Acquisition Regulation Council will play a key role in the implementation process for standards featured in NIST’s Secure Software Development Framewor.