White House sets voluntary security standard for smart home devices

AppleInsider

A new program from the Federal Communications Commission is aimed at helping people identify safe smart home devices by branding them as having met security rules.

The US wants security standards for smart home devices

The White House has unveiled a cybersecurity certification and labeling initiative. It's designed to help people make informed choices regarding smart devices that prioritize safety and have protection against cyberattacks.

It's called the "US Cyber Trust Mark" program and is led by the FCC. Next, the FCC is anticipated to solicit public feedback on implementing the voluntary cybersecurity labeling program. This program is projected to be operational by 2024.

Under the proposal, the program would rely on collaborative efforts from stakeholders to certify and label products, adhering to cybersecurity criteria outlined by the National Institute of Standards and Technology (NIST). These criteria include robust default passwords, data safeguarding, regular software updates, and effective incident detection capabilities.

• The FCC will use a QR code linked to a national registry of certified devices that provides security information about smart products.


• NIST will define cybersecurity rules for consumer routers by the end of 2023.


• The US Department of Energy is working with National Labs and industry partners to research and develop cybersecurity labeling requirements for smart meters and power inverters.


• The US Department of State will support the FCC to work with other countries and encourage them to work on similar labeling programs.

Current participants in the program include Amazon, Best Buy, Carnegie Mellow University, CyLab, Cisco Systems, Connectivity Standards Alliance, Consumer Reports, Consumer Technology Association, Google, and others. Although Apple is part of the CSA and CTA, the company isn't listed individually in the announcement.

However, Apple already has various security measures for its HomeKit standard for smart home devices. For example, HomeKit uses encryption to secure data transmitted between compatible devices.

Apple has not commented on the government's program.

Read on AppleInsider

ihatescreennames

I’d like to know what they mean by “data safeguarding”. I’d like to think that means that recordings/transcripts of what I say to a smart speaker can’t be shared with third parties, but that probably isn’t covered.

AppleInsider said:

Current participants in the program include Amazon, Best Buy, Carnegie Mellow University, CyLab, Cisco Systems, Connectivity Standards Alliance, Consumer Reports, Consumer Technology Association, Google, and others. Although Apple is part of the CSA and CTA, the company isn't listed individually in the announcement.

I’ve read they do a lot of research into THC at CMU.

jfabula1

Oh gee….that’s a good start, hopefully same thing w cocaine carrying devices…..ehehehehe

chasm

I note with interest that the word “privacy” does not appear in these guidelines, so teh “security” part of this doesn’t apply to users, only helping to prevent hacking attacks and malware. Which is better than nothing, but far short of what Apple has been doing since day one of its own smart home devices …

kdupuis77

jfabula1 said:

Oh gee….that’s a good start, hopefully same thing w cocaine carrying devices…..ehehehehe

I was just gonna say, maybe the White House should start with their own security standards lol. *Wipes white powder from nostrils..

filemakerfeller

ihatescreennames said:

I’ve read they do a lot of research into THC at CMU.

Ah, you beat me to it! Wish I could upvote this more than once.

filemakerfeller

This really sounds like a marketing exercise rather than a valuable endeavour. I hope I'm proven wrong, but my expectation is that the industry will ensure zero legal liability for themselves no matter what the labels say.