White House sets voluntary security standard for smart home devices

The White House has unveiled a cybersecurity certification and labeling initiative. It's designed to help people make informed choices regarding smart devices that prioritize safety and have protection against cyberattacks.

It's called the "US Cyber Trust Mark" program and is led by the FCC. Next, the FCC is anticipated to solicit public feedback on implementing the voluntary cybersecurity labeling program. This program is projected to be operational by 2024.

Under the proposal, the program would rely on collaborative efforts from stakeholders to certify and label products, adhering to cybersecurity criteria outlined by the National Institute of Standards and Technology (NIST). These criteria include robust default passwords, data safeguarding, regular software updates, and effective incident detection capabilities.

• The FCC will use a QR code linked to a national registry of certified devices that provides security information about smart products.
• NIST will define cybersecurity rules for consumer routers by the end of 2023.
• The US Department of Energy is working with National Labs and industry partners to research and develop cybersecurity labeling requirements for smart meters and power inverters.
• The US Department of State will support the FCC to work with other countries and encourage them to work on similar labeling programs.

Current participants in the program include Amazon, Best Buy, Carnegie Mellow University, CyLab, Cisco Systems, Connectivity Standards Alliance, Consumer Reports, Consumer Technology Association, Google, and others. Although Apple is part of the CSA and CTA, the company isn't listed individually in the announcement.

However, Apple already has various security measures for its HomeKit standard for smart home devices. For example, HomeKit uses encryption to secure data transmitted between compatible devices.

Apple has not commented on the government's program.