US smart devices to achieve standard cybersecurity labeling • The Register

The Biden administration is continuing its push to add cybersecurity tagging to consumers’ Internet of Things (IoT) devices and may join other nations in adopting the pioneered scheme from Singapore.

This desire for labeling, and what has been achieved so far, was discussed at a meeting on Wednesday attended by U.S. Deputy National Security Advisor for Information and Emerging Technology Anne Neuberger, the chairman of the Federal Communications Commission. (FCC) Jessica Rosenworcel, National IT Director Chris Inglis, and representatives of telecom and other technology companies including Google, AT&T, Cisco, Intel, Samsung and more.

Google’s vice president of technology, Dave Kleidmacher, visited the chocolate factory blog to confirm the company’s participation in the seminar. The Veep summarized the problematic nature of increasingly interconnected devices amid ever-changing cybersecurity threats:

The standards for these US security labels are expected to be initially implemented as a voluntary system by spring 2023. The labels should have ratings that reflect the amount of data collected, the ease with which the device can be patched or updated to mitigate vulnerabilities, data encryption and interoperability. The labeling effort began in the spring of 2021 following an executive order from Biden.

In essence, this week’s discussion was something of an update on the progress between government and industry on how these labels will be designed and used. The project is still evolving, from what we can tell.

This seminar was mentioned by Neuberger on Thursday during a streaming speech at Singapore International Cyber ​​Week (SICW) 2022, a conference that attracted government and industry representatives from around the world to discuss cyber security.

Neuberger said countries need to work to avoid fragmentation of IoT standards as such fragmentation could burden consumers, particularly when in transit between jurisdictions.

The security consultant also said the US was seeking inspiration in Singapore for labeling as it had “become a world leader in IoT,” a sentiment he also expressed to reporters. the week before.

In 2014, the city-state launched its Smart Nation initiative, which seeks not only to collect data and digitize public services, but to incorporate interoperable IoT and automation into all aspects of life, including transportation, healthcare, food and drinks, logistics and more.

Singapore launched its Cybersecurity Labeling Scheme (CLS) in October 2020. Some gradients of the four-tier scheme are mutually recognized by Finland.

During the conference, Singapore Cyber ​​Security Agency (CSA) Director Soon Chia Lim said that the largely voluntary CLS scheme has been designed with four tiers so that developers and manufacturers feel they can easily step up to higher security.

In a SICW 2022 keynote, Singapore Minister of State Janil Puthicheary said CLS had “gained a lot of international traction” and announced that Germany should also sign a Mutual Recognition Agreement (MRA) on the labels.

“In addition to signing these MRAs with countries with similar schemes, Singapore has worked with industry and government partners to submit a proposal to develop an international standard, ISO 27404, which defines a Universal Cybersecurity Labeling Framework (UCLF) for the IoT of The UCLF will serve as a guide for countries looking to implement and set up their own labeling schemes for consumer IoT, ”said Puthicheary.

“It’s easier to use what’s out there than to recreate the wheel,” said Grace Burkard, director of operations for the Internet of Secure Things (IoXt) Alliance during a SICW panel discussion.

“We need to be aligned not only to prevent attacks on untested IoT devices, but also to fuel innovation,” Burkard said. “Without globally synchronized IoT standards, IoT doesn’t have the track it needs to evolve.” ®