US government plans IoT security labelling

  • October 19, 2022
  • Steve Rogerson
Official White House photo by Cameron Smith

The US government is planning to launch a labelling system for IoT devices to show how well they meet cyber-security standards.

In a fact sheet this month it said it would bring together companies, associations and government partners to discuss the development of a label for IoT devices so Americans could easily recognise which devices meet the highest cyber-security standards to protect against hacking and other cyber vulnerabilities.

By developing and rolling out a common label for products that meet US government standards and are tested by vetted and approved entities, it hopes to help American consumers easily identify secure tech to bring into their homes.

“We are starting with some of the most common, and often most at-risk, technologies – routers and home cameras – to deliver the most impact, most quickly,” said the statement.

The fact sheet acknowledged that most of the USA’s critical infrastructure was owned and operated by the private sector.

“The administration has worked closely with key sectors – including transportation, banking, water and healthcare – to help stakeholders understand cyber threats to critical systems and adopt minimum cyber-security standards,” it said. “This includes the introduction of multiple performance-based directives by the Transportation Security Administration (TSA) to increase cyber-security resilience for the pipeline and rail sectors, as well as a measure on cyber requirements for the aviation sector.”

It said it was thus issuing cyber-security performance goals to provide a baseline to drive investment towards the most important security outcomes.

“We will continue to work with critical infrastructure owners and operators, sector by sector, to accelerate rapid cyber-security and resilience improvements and proactive measures,” it said.

The statement also looked at the role quantum computing will play in cyber security.

“We all rely on encryption to help protect our data from compromise or theft by malicious actors,” it said. “Advancements in quantum computing threaten that encryption.”

This summer, the National Institute of Standards & Technology (Nist) announced four encryption algorithms that would become part of its post-quantum cryptographic standard, expected to be finalised in about two years. These algorithms are the first group of encryption tools that are designed to withstand the assault of a future quantum computer, which could potentially crack the security used to protect privacy in the digital systems relied on today, such as online banking and email software.

The National Quantum Initiative has more than doubled the government’s research and development investment in quantum technology, creating new research centres and workforce development programmes across the country. Its goal, it said, was for the USA and its allies to benefit from this field’s advances without being harmed by those who would use it against them.