The White House today announced an initiative aimed at making it easier for consumers to find smart devices that provide strong cybersecurity.

Over the past few years, numerous internet of things products have been targeted by hacking campaigns. In many cases, the targeted products had lackluster cybersecurity controls. The issue has drawn scrutiny from not only the White House but also European Union regulators. 

More than two dozen organizations have already signed up for the White House’s new IoT security initiative, which is known as the U.S. Cyber Trust Mark program. The participants include tech giants such as Amazon.com Inc., Google LLC and Samsung Electronics Co. Ltd. Multiple chipmakers, among them Qualcomm Inc., are taking part as well along with several major electronics retailers and universities.

The U.S. Cyber Trust Mark program focuses on consumer-focused smart devices such as internet-connected home appliances and fitness trackers. The goal is to help consumers more easily determine if a device they are considering to buy will keep their data secure.

At the heart of the program is a set of cybersecurity best practices defined by the National Institute of Standards and Technology, or NIST. Those best practices cover details such as the strength of a smart home appliance’s default password. They also extend to other aspects of device security, such as the software updates a manufacturer releases to its products.

The program will allow manufacturers to certify that their devices meet the cybersecurity requirements defined by NIST. After obtaining a certification, hardware makers may place a “U.S. Cyber Trust Mark” label on their products. Each label is set to include a QR code that, when scanned, will bring up a webpage with up-to-date information on a smart device’s security. 

The White House plans to extend the program to additional device categories over time. 

As part of the effort, NIST will start developing a set of cybersecurity requirements for consumer-grade routers. Because they process users’ web traffic, routers are a particularly major target for hackers. NIST expects to have the requirements ready by year’s end.

In conjunction, the U.S. Energy Department will define cybersecurity labeling requirements for smart meters and power inverters. An inverter is a component that converts electricity from AC to DC. It’s used for, among other tasks, converting power stored in a smart device battery into a form that the device’s circuits can use.

Besides the Energy Department, a number of other government agencies will also participate in the initiative. 

The Federal Communications Commission intends to establish “oversight and enforcement safeguards to maintain trust and confidence in the program.” Meanwhile, the Cybersecurity and Infrastructure Security Agency will educate consumers to look for products with the U.S. Cyber Trust Mark label. Additionally, it will encourage retailers to prioritize products that feature the label in their stores and online. 

Photo: Wikipedia