The White House recently hosted a group of industry and government partners to discuss the development and implementation of an Internet of Things (IoT) labeling program. This program would develop a common label to help consumers easily recognize which devices meet the highest cybersecurity standards to protect against vulnerabilities.
This program is born out of a requirement in Executive Order 14028, Improving the Nation’s Cybersecurity, which tasked NIST with developing pilot programs to help educate the public on the security capabilities and vulnerabilities of IoT devices. NIST released guidance for the pilot programs earlier this year that discussed recommendations for an internet of things labeling program (discussed here).
Modeled after the Energy Star labeling program, the IoT labeling program seeks to create an internationally recognized label that will help consumers make informed choices about the security of an Internet-enabled device. While the program is still in development, the label likely will include information about whether the product complies with U.S. government and international security standards; the amount of information collected on consumers; and whether data is encrypted. Because the nature of cybersecurity is fluid, the label will also contain a barcode that consumers can scan to receive the most up-to-date information about the security of that device.
The White House expects to rollout this voluntary labeling program in Spring 2023. The program will start with the most common and most vulnerable devices, to include internet routers and home cameras.
Putting it Into Practice: IoT device companies should continue monitoring updates to the IoT labeling program and seek to ensure devices are developed with security standards in mind.