The White House appears to be progressing on long-standing ambitions to create a product labeling system to inform customers of the security threats connected devices pose.
In a fact sheet released on October 11, the White House announced intentions to convene a conference with interested parties to explore “a common label for products that meet U.S. government standards and are tested by vetted and approved entities.” Participants in the meeting would include businesses and trade associations. The initiative will start with routers and home cameras, characterized as the most used and “often most at-risk” technologies.
According to the sheet, the Biden-Harris Administration has placed an unwavering emphasis on enhancing American cyber defenses, developing a comprehensive strategy to lock its digital doors, and taking decisive action to secure and protect the country’s cybersecurity, such as:
- Enhancing critical infrastructure’s cybersecurity.
- Ensuring smart and safe new infrastructure.
- Strengthening the federal government’s cybersecurity standards and raising the bar through the government’s buying power.
- Combating ransomware attacks to safeguard Americans over the internet.
- Collaborating with allies and partners to provide a more secure online environment.
- Imposing costs and enhancing defenses against malicious actors.
- Implementing cyber rules that are recognized globally.
- Creating a new label to inform Americans about the security of their devices.
- Enhancing cyber education and expanding the nation’s cyber workforce.
- Building quantum-resistant encryption to safeguard the future, from online commerce to national secrets.
- Strengthening the country’s technological edge via the National Quantum Initiative and release of National Security Memorandum-10 (NSM-10) on Promoting United States Leadership in Quantum Computing While Mitigating Risks to Vulnerable Cryptographic Systems.
The federal government is expected to establish its own standards for IoT security because of the 2020 legislation that former President Donald Trump signed into law. According to that law, the National Institute of Standards and Technology must make recommendations for the minimum cybersecurity standards for Internet of Things (IoT) devices that the federal government purchases. The bill’s main points of contention were the prohibition of hard-coded, impermeable passwords and the requirement for over-the-air software and firmware upgrades.
Additionally, NIST was tasked with creating criteria for cybersecurity labels and incentives to persuade manufacturers and marketers to adopt a labeling scheme under the Biden administration’s 2021 cybersecurity executive order. The Cyberspace Solarium Commission’s suggestions also included a system for product labeling.