News & Events Washington Watch

White House Releases Plan for IoT Device Cybersecurity Labeling Program

The White House recently announced its plan to create a cybersecurity labeling system based on the EPA and Department of Energy’s Energy Star labeling system for energy efficiency. 

This plan follows the Cyber Solarium Commission’s report released in March of 2020 that called for the establishment of a National Cybersecurity Certification and Labeling Authority that would “establish and manage a program on security certifications and labeling of information and communications technology products.” While the current proposal is fully in the development stage and has not yet called for the establishment of a totally new authority to certify these products, it is a substantial step in consumer protection in cybersecurity.

The White House’s statement on the program was part of a broad press release on the Administration’s plans for strengthening America’s cybersecurity and did not include many details on how the final process will look. We do know that the Administration plans to focus on widely used “at-risk” technologies first such as routers and home cameras and that the security rankings will be based on a selected number of NIST framework standards to be made available to consumers digitally via some kind of barcode system. 

According to Cyber Scoop, the plan is being workshopped by a team of consumer product associations, manufacturing companies, and technology think tanks this month with the goal of rolling out the full program in Spring 2023. Representatives at the workshop represent around 50 stakeholders, indicating the Administration’s desire to work with, rather than against, industry and will hopefully lead to greater buy-in throughout the private sector.