The Biden administration has accelerated efforts to add cybersecurity labels to consumer Internet of Things (IoT) devices, and could join other nations in adopting the system Singapore introduced.
The government’s efforts were unveiled at a Wednesday meeting attended by U.S. Assistant National Security Advisor on Cyber and Emerging Technologies Anne Neuberger, Federal Communications Commission (FCC) Chair Jessica Rosenworcel, National Cyber Director Chris Inglis and Attendees included representatives from telcos and other technology companies including Google , AT&T, Cisco, Intel, Samsung and more.
Google’s VP of Engineering, Dave Kleidmacher, visited the Chocolate Factory’s blog to confirm the company’s participation in the workshop. The veep summarized the problematic nature of increasingly connected devices amid ever-evolving cybersecurity threats:
The US standards are to be introduced by spring 2023, initially as a voluntary system. The ratings likely reflect the amount of data collected, how easily the device can be patched or updated to mitigate vulnerabilities, data encryption, and interoperability.
The IoT workshop by industry and government officials was mentioned by Neuberger on Thursday during a streamed speech at Singapore International Cyber Week (SICW) 2022 – a conference that drew government and industry officials from around the world to discuss cybersecurity to discuss.
Neuberger said countries need to work to avoid fragmentation of IoT standards, as such fragmentation could weigh on consumers — especially when transitioning between jurisdictions.
The security adviser also said the US is looking to Singapore for inspiration on labeling as it has “become a global leader in IoT” – a sentiment she also expressed to journalists the week before.
In 2014, the city-state launched its Smart Nation initiative, which aims not only to collect data and digitize public services, but also to incorporate interoperable IoT and automation into all walks of life — including transportation, healthcare, food and beverage, logistics, and more .
Singapore introduced its Cybersecurity Labeling Scheme (CLS) in October 2020. Some levels of the four-tier system are mutually recognized by Finland.
During the conference, Singapore’s Cyber Security Agency (CSA) director Soon Chia Lim said the largely voluntary four-tier CLS system was designed to make developers and manufacturers feel like they could easily move up to higher security ratings be able.
Speaking at SICW 2022, Singapore Minister of State Janil Puthicheary said the CLS had “met a lot of international appeal” and announced that Germany is also expected to sign a Mutual Recognition Agreement (MRA) for the labels.
“In addition to signing these MRAs with countries with similar schemes, Singapore has been working with industry and government partners to present a proposal to develop an international standard, ISO 27404, that will define a universal cybersecurity labeling (UCLF) framework for consumer IoT . UCLF will serve as a guide for countries looking to implement and set up their own consumer IoT labeling schemes,” Puthicheary said.
“It’s easier to leverage what’s out there than to reinvent the wheel,” said Grace Burkard, director of operations for the Internet of Secure Things (IoXt) Alliance, during a SICW roundtable discussion.
“We need to be aligned, not just to prevent attacks on untested IoT devices, but to drive innovation,” Burkard said. “Without globally synchronized IoT standards, the IoT does not have the runway it needs to evolve.” ®
https://www.theregister.com/2022/10/20/biden_administration_iot_security_labels/ Smart Devices in US Receive Standard Cybersecurity Label • The Register