Many smart home devices will soon come adorned with a label that helps consumers decipher how secure these products actually are.

Driving the news: The White House and the Federal Communications Commission this morning kick-started the new U.S. Cyber Trust Mark program, which will place a label on internet-connected devices that meet the U.S. government's cyber standards for Internet of Things products.

• Approved products will need to properly protect users' data, have the ability to restrict access to the device's network to just the consumer, and be able to accept software updates, among other requirements.
• Major manufacturers and retailers — including Amazon, Best Buy, Google, LG Electronics, Logitech and Samsung — pledged their support for the program alongside today's announcement, according to a press release.

Why it matters: If all goes as planned, new cybersecurity safety labels could start appearing on products and websites late next year.

The big picture: The Biden administration has been eyeing ways to cut down on the number of cyberattacks targeting insecure, internet-connected devices, such as routers and smart cameras.

• Governments in Singapore and the U.K. are exploring similar consumer cyber label programs.

Catch up quick: U.S. officials held a meeting with government agencies and industry stakeholders last fall to lay out the ins and outs of what the "Energy Star for cyber" program would need to look like.

What they're saying: "Poorly secured products can enable attackers to gain footholds in Americans' homes and offices and steal data or cause disruption," Anne Neuberger, deputy national security adviser for cyber and emerging technology, told reporters during a press call Monday.

• "We hear again and again that American consumers want to buy cybersecurity products, and we wanted a way to bridge that desire with what we hear from companies saying, 'Look, it may be more expensive to build a cybersecurity product. Help us communicate when a product is more secure to the market,'" she added.

How it works: Consumers will likely see a new shield logo on participating devices, alongside a corresponding QR code that will take people to a soon-to-be-created national registry with more security information about that device.

• The FCC will take the lead on setting up the program through its ability to regulate wireless communications devices, and the agency will work with the Justice Department and other regulators to determine appropriate enforcement mechanisms.
• The FCC will take public comments on how best to roll out a voluntary cybersecurity labeling program, with the hopes of standing up the program by late next year.
• The Commerce Department's National Institute of Standards and Technology will also develop new security requirements for wireless routers by the end of this year that will inform the FCC's rule-making work.

Of note: The Department of Energy is also unveiling a collaborative program today with the country's National Laboratories and industry partners to create a security label for smart meters and power inverters.

Between the lines: Neuberger noted that the program will help cut down on the number of attackers who use insecure smart-home devices to create botnets — networks of infected computers that are used to launch malware — and conduct surveillance.

• In recent months, intelligence agencies have warned of state-backed hackers targeting Cisco routers, and researchers have uncovered monthslong attacks targeting small businesses' routers.

Yes, but: The program is voluntary, so manufacturers and retailers are not required to participate.

• The FCC also plans to determine how often products will need to be recertified and what liability participating organizations will face if they fail to comply with the government standards, a senior administration official told reporters.

The Commerce Department placed spyware vendors Cytrox and Intellexa on a trade blacklist Tuesday after determining that the companies threaten U.S. national security.

Why it matters: The blacklist prevents any U.S. entities from conducting business or transacting with these companies.

The big picture: The Biden administration has been focused on cracking down on the proliferation of commercial spyware vendors.

• Earlier this year, President Joe Biden signed an executive order banning U.S. government agencies and departments from using commercial spyware that poses a national security risk.
• In 2021, the U.S. also blacklisted Israeli spyware vendors NSO Group and Candiru.

Between the lines: Researchers have linked European firm Cytrox to the Predator spyware, which has been found on phones belonging to an exiled Egyptian politician, an Egyptian news host and a Greek politician.

• Cytrox is also assumed to be a member of Intellexa, a broader business organization for government mercenary surveillance vendors.
• Reuters reported in 2020 that Intellexa had worked with intelligence agencies in Southeast Asia and Europe.
• Both Cytrox and Intellexa have business holdings around the world. The Commerce Department's trade blacklist designations affect Cytrox's and Intellexa's holdings in Greece, Hungary, Ireland and North Macedonia, according to a Federal Register notice.

Details: Cytrox is known for developing exploits that allow government customers to hack into someone's phone without them knowing.

• Over the years, researchers at Citizen Lab, Meta and Google have called out the companies' capabilities, noting the spyware has allowed various groups to successfully and stealthily hack both iOS and Android devices.

What they're saying: "Without appropriate guardrails, these tools can be misused to conduct intrusive and harmful surveillance on a wide range of targets, including against activists, dissidents, journalists and political opposition," a senior Biden administration official told reporters during a press call.

• "We are also encouraging other countries to consider measures they can take within their own respective systems," the official added.

Yes, but: Governments still have had a strong interest in purchasing the technology to gain insights into other countries' operations.

The White House is likely to pick an unexpected face to lead its newest cyber office, reports over the last week suggest.

Driving the news: The Record, an online news publication, reported last week that Kemba Walden, the acting national cyber director, would not be receiving the nomination.

• A few days later, the Washington Post found Walden wasn't selected because she has personal debts, which are tied to her mortgage and the cost of sending her children to private school.
• Instead, the White House appears intent on nominating Harry Coker, a former National Security Agency and CIA official, according to a senior administration official and three people familiar with the matter. (The Post first reported Coker's name.)

Why it matters: The Office of the National Cyber Director (ONCD) is still a relatively new government office, and whoever is chosen to lead it will play a key role in setting the foundation for its operations.

The big picture: Congress created the ONCD in early 2021 — as the Biden administration was preparing to be sworn in — to harmonize and lead the government's cybersecurity strategies.

• So far, the office has been able to lead the creation and implementation of the administration's first national cyber strategy, as well as host several forums on various topics, such as electric vehicle cybersecurity and workforce issues.
• But the office has also been mired in reports of political infighting and senior staff departures in recent months.

Zoom in: A bipartisan group of lawmakers and former government officials, including former director Chris Inglis, had all thrown their support behind Walden to lead the office.

• Inglis stepped down in February, leaving the position without a permanent director for roughly five months.
• Walden, who has been at the ONCD for nearly a year, previously worked as an attorney in Microsoft's digital crimes unit and spent nearly 10 years at the Department of Homeland Security.

Meanwhile, Coker's background seemingly mirrors those of other cybersecurity officials who have risen through the intelligence community.

• He spent nearly 20 years in intelligence, including stints as the NSA's executive director and inside the CIA's Directorate of Science and Technology.

What they're saying: Not much. A spokesperson for the ONCD declined to comment.

@ D.C.

📧 Millions of emails associated with the U.S. military have been sent to people in Mali, a West African country allied with Russia, due to a typo. (Financial Times)

🤷🏻‍♂️ Microsoft says it is still investigating how suspected China-based hackers obtained a signing key that let them break into several U.S. government email inboxes. (TechCrunch)

🏛️ The Fifth Circuit Court of Appeals paused an order limiting the Biden administration's contact with social media companies. (Washington Post)

@ Industry

📲 TikTok is now supporting passkeys, including biometric logins, on iPhones. (The Verge)

😵‍💫 TJ Maxx, Shutterfly and TomTom are the latest organizations to confirm they're responding to MOVEit-related breaches. (The Record)

📍 Young people love to share their geolocations and digitally track one another, despite the privacy risks. (Axios)

@ Hackers and hacks

👀 Enterprise software provider JumpCloud, which serves about 200,000 organizations, said it's responding to a cyberattack involving a state-backed hacking group. (Ars Technica)

🎮 The teenage hacker accused of breaking into Uber and Rockstar Games has been deemed unfit to stand trial. (Eurogamer)

This cat on the phone is really speaking to me, someone who has been rocking the phones nonstop the last few days. Cats, they're just like us! 📞 🐈‍⬛