The White House confirmed plans to launch a cybersecurity consumer labeling program for Internet of Things devices by the spring of 2023, following a Wednesday summit with some of the nation’s top device makers, retailers and industry associations.
Biden administration officials plan to implement a voluntary Energy Star-type labeling system that would give consumers information on a range of internet-connected smart devices that pose potential risks of being hacked.
“A labeling program to secure such devices would provide American consumers with the peace of mind that the technology being brought into their homes is safe, and incentivize manufacturers to meet higher cybersecurity standards and retailers to market secure devices,” National Security Council spokesperson Adrienne Watson said in an official White House statement.
The program is part of a wider effort by the Biden administration to boost government and private sector cybersecurity standards in order to avoid disruptive attacks like the 2020 SolarWinds nation state campaign and the 2021 ransomware attack against Colonial Pipeline.
The White House previously disclosed plans to launch the program by rating home routers and cameras, which expanded plans to add additional devices.
Connected IoT devices are used by millions of consumers, ranging from home routers to baby monitors, smart-home controllers for security and lights and smart televisions. Consumers largely know nothing about the security of the devices they purchase, and the labeling system is seen as a way to create encourage security to be flagged before they are sold on the open market.
Google expressed support for the effort to raise security standards across the IoT industry, saying such a move would drive awareness among consumers to the security of connected devices, in a blog post.
Google noted steps it had previously taken to boost the security of its Nest and Pixel devices, and is now extending the program to its Fitbit connected watch brand.
Officials from the Carnegie Mellon CyLab Security and Privacy Institute presented research findings at the White House meeting that showed consumers were willing to pay a premium for connected devices when they were informed about the security and privacy implications of their purchasing decisions.
Some of remaining questions will center around whether manufacturers would be able to self certify or require a third party and whether labels should incorporate more data privacy measures, according to the R Street Institute.
Correction: In a previous version of this article, the year of the nation state campaign against SolarWinds was misidentified. It was in 2020.