White House launches cybersecurity label program for smart devices

Many smart home devices will soon come adorned with a label that helps consumers decipher how secure these products actually are.

Driving the news: The White House and the Federal Communications Commission this morning kick-started the new U.S. Cyber Trust Mark program, which will place a label on internet-connected devices that meet the U.S. government's cyber standards for Internet of Things products.

• Approved products will need to properly protect users' data, have the ability to restrict access to the device's network to just the consumer, and be able to accept software updates, among other requirements.
• Major manufacturers and retailers — including Amazon, Best Buy, Google, LG Electronics, Logitech and Samsung — pledged their support for the program alongside today's announcement, according to a press release.

Why it matters: If all goes as planned, new cybersecurity safety labels could start appearing on products and websites late next year.

The big picture: The Biden administration has been eyeing ways to cut down on the number of cyberattacks targeting insecure, internet-connected devices, such as routers and smart cameras.

• Governments in Singapore and the U.K. are exploring similar consumer cyber label programs.

Catch up quick: U.S. officials held a meeting with government agencies and industry stakeholders last fall to lay out the ins and outs of what the "Energy Star for cyber" program would need to look like.

What they're saying: "Poorly secured products can enable attackers to gain footholds in Americans' homes and offices and steal data or cause disruption," Anne Neuberger, deputy national security adviser for cyber and emerging technology, told reporters during a press call Monday.

• "We hear again and again that American consumers want to buy cybersecurity products, and we wanted a way to bridge that desire with what we hear from companies saying, 'Look, it may be more expensive to build a cybersecurity product. Help us communicate when a product is more secure to the market,'" she added.

How it works: Consumers will likely see a new shield logo on participating devices, alongside a corresponding QR code that will take people to a soon-to-be-created national registry with more security information about that device.

• The FCC will take the lead on setting up the program through its ability to regulate wireless communications devices, and the agency will work with the Justice Department and other regulators to determine appropriate enforcement mechanisms.
• The FCC will take public comments on how best to roll out a voluntary cybersecurity labeling program, with the hopes of standing up the program by late next year.

• The Commerce Department's National Institute of Standards and Technology will also develop new security requirements for wireless routers by the end of this year that will inform the FCC's rule-making work.

Of note: The Department of Energy is also unveiling a collaborative program today with the country's National Laboratories and industry partners to create a security label for smart meters and power inverters.

Between the lines: Neuberger noted that the program will help cut down on the number of attackers who use insecure smart-home devices to create botnets — networks of infected computers that are used to launch malware — and conduct surveillance.

• In recent months, intelligence agencies have warned of state-backed hackers targeting Cisco routers, and researchers have uncovered monthslong attacks targeting small businesses' routers.

Yes, but: The program is voluntary, so manufacturers and retailers are not required to participate.

• The FCC also plans to determine how often products will need to be recertified and what liability participating organizations will face if they fail to comply with the government standards, a senior administration official told reporters.

Sign up for Axios’ cybersecurity newsletter Codebook here