White House sets voluntary security standard for smart home devices
Andrew OrrThe US wants security standards for smart home devices
A new program from the Federal Communications Commission is aimed at helping people identify safe smart home devices by branding them as having met security rules.
The White House has unveiled a cybersecurity certification and labeling initiative. It's designed to help people make informed choices regarding smart devices that prioritize safety and have protection against cyberattacks.
It's called the "US Cyber Trust Mark" program and is led by the FCC. Next, the FCC is anticipated to solicit public feedback on implementing the voluntary cybersecurity labeling program. This program is projected to be operational by 2024.
Under the proposal, the program would rely on collaborative efforts from stakeholders to certify and label products, adhering to cybersecurity criteria outlined by the National Institute of Standards and Technology (NIST). These criteria include robust default passwords, data safeguarding, regular software updates, and effective incident detection capabilities.
- The FCC will use a QR code linked to a national registry of certified devices that provides security information about smart products.
- NIST will define cybersecurity rules for consumer routers by the end of 2023.
- The US Department of Energy is working with National Labs and industry partners to research and develop cybersecurity labeling requirements for smart meters and power inverters.
- The US Department of State will support the FCC to work with other countries and encourage them to work on similar labeling programs.
Current participants in the program include Amazon, Best Buy, Carnegie Mellow University, CyLab, Cisco Systems, Connectivity Standards Alliance, Consumer Reports, Consumer Technology Association, Google, and others. Although Apple is part of the CSA and CTA, the company isn't listed individually in the announcement.
However, Apple already has various security measures for its HomeKit standard for smart home devices. For example, HomeKit uses encryption to secure data transmitted between compatible devices.
Apple has not commented on the government's program.
Marko Zivkovic
Wesley Hilliard
Malcolm Owen
Amber Neely
6 Comments
I’d like to know what they mean by “data safeguarding”. I’d like to think that means that recordings/transcripts of what I say to a smart speaker can’t be shared with third parties, but that probably isn’t covered.
I’ve read they do a lot of research into THC at CMU.
Oh gee….that’s a good start, hopefully same thing w cocaine carrying devices…..ehehehehe
I note with interest that the word “privacy” does not appear in these guidelines, so teh “security” part of this doesn’t apply to users, only helping to prevent hacking attacks and malware. Which is better than nothing, but far short of what Apple has been doing since day one of its own smart home devices …