The Biden administration is pushing forward with efforts to label consumer Internet of Things (IoT) devices with cybersecurity, and could join other countries in adopting a plan pioneered by Singapore.
This labeling desire, and what has been achieved so far, was discussed at Wednesday’s meeting attended by US deputy national security adviser for emerging technologies and network technologies Anne. Neuberger, Federal Communications Commission (FCC) Chair Jessica Rosenworcel, national network director Chris Inglis, and representatives from telecommunications and other technology companies including Google, AT&T, Cisco, Intel, Samsung, etc.
Google VP engineer Dave Kleidermacher took to the Chocolate Factory blog to confirm the company’s attendance at the conference. Veep summarized the problematic nature of increasingly interconnected devices amid evolving cybersecurity threats:
Standards for these U.S. security labels are expected to launch in the spring of 2023, initially as a voluntary system. Labels are expected to have ratings that reflect how much data is collected, how easily devices can be patched or upgraded for vulnerability mitigation, data encryption, and interoperability. The labeling effort began in the spring of 2021 under Biden’s executive order.
Essentially, this week’s discussion is a progress update between government and industry on how these labels will be designed and used. The project is still in the process of change, from what we can tell.
The panel was referenced by Neuberger on Thursday in a keynote streamed at Singapore International Electronics Week (SICW) 2022 – a conference that attracts government and industry representatives from around the world. world to discuss cybersecurity.
Neuberger said countries must work to avoid fragmentation of IoT standards because such fragmentation can burden consumers – especially when they move between jurisdictions.
The security adviser also said the US is looking to Singapore for inspiration on the labeling as the country has “become a world leader in IoT” – a sentiment she also expressed to journalists. last week.
In 2014, the city-state launched the Smart Nation initiative, which not only seeks to collect data and digitize public services, but also incorporates interoperable IoT and automation. in every aspect of life – including transportation, healthcare, food and beverage, logistics, etc.
Singapore launched its Cybersecurity Labeling Scheme (CLS) in October 2020. Several levels of the four-level program are mutually recognized by Finland.
During the conference, Singapore’s Cybersecurity Authority (CSA) Director Soon Chia Lim said the CLS program is mostly voluntary designed with four levels so developers and manufacturers feel they can easily climb to a higher security rating.
At the keynote speech at SICW 2022, Singapore’s Minister of Foreign Affairs Janil Puthicheary said CLS has “gained a lot of traction in the international arena” and announced that Germany is also expected to sign an agreement to recognize each other (MRA) on the label.
“In addition to signing these MRAs with countries with similar programmes, Singapore worked with industry and government partners to come up with a proposal to develop an international standard, ISO 27404, defining the Labeling Framework global cybersecurity (UCLF) for consumer IoT. The UCLF will serve as a guide for countries seeking to implement and establish consumer IoT private labeling plans,” Puthicheary said. speak.
“It’s easier to use what’s available out there than to reinvent the wheel,” said Grace Burkard, executive director of the Internet of Secure Things (IoXt) Alliance.
“We need to unite not only to prevent attacks on untested IoT devices, but also to drive innovation,” says Burkard. “Without globally synchronized IoT standards, IoT doesn’t have the necessary runway to evolve.” ®