Oct 20th — In October of 2020, the Cyber Security Agency of Singapore (CSA), launched the Cybersecurity Labeling Scheme (CLS) for smart devices, which aimed to improve IoT security, advance cyber hygiene levels and provide greater security in cyber space. This week, U.S. deputy national security advisor for cyber and emerging technology, Anne Neuberger, stated that Singapore has “become a world leader in IoT.”
IoT labeling measures
Singapore’s IoT labeling program has gained significant attention internationally. The U.S. now intends to adopt similar labeling measures in an effort to protect Americans from significant national security risks.
New security standards
On Wednesday evening, the Biden administration unveiled new standards that are expected to roll out by the Spring of 2023. Initially, compliance with the standards will be strictly voluntary. The corresponding rating system will likely reflect the quantity of data that a given IoT device collects, how easily the device can be patched or upgraded to mitigate vulnerabilities, ease of interoperability, and whether or not data is encrypted.
Information and education
As American consumers continue to purchase IoT devices for home-use (internet-connected door locks, security cameras, routers, smart speakers), the U.S. government wants to provide information and education around security risks.
Globally recognized labels
According to the Biden administration, the new labeling scheme will be simple. The labels, which will be “globally recognized” and outfitted on IoT devices, will take the form of a barcode that individuals can scan using their smartphones. The scan-able barcode will link to information based on the soon-to-be-rolled out standards.
IoT security advances
This announcement arrives after the White House’s 2021 request for NIST and the FTC to explore two labeling pilot programs pertaining to cyber security capabilities for IoT devices. In the U.K., during 2021, Parliament introduced a bill requiring device manufacturers, importers and distributors to adhere to specific cyber security standards.