US rolls out security rating label for internet-connected devices

WASHINGTON - The White House on Jan 7 unveiled a new label for smart thermostats, baby monitors, app-controlled lights and other internet-connected devices that will allow consumers to see how the increasingly popular items rate on cyber-safety criteria.

The Cyber Trust Mark – a stylised shield logo with microchip-style detailing – is meant to give American consumers a quick and easy way to evaluate the security of a given smart product, much like US Department of Agriculture labels on food, or Energy Star ratings on appliances.

Companies seeking the label for their products must meet established cyber-security criteria from the US National Institute of Standards and Technology via compliance testing by accredited labs.

An increasing number of everyday devices are being connected to the internet: garage doors, fitness trackers, security cameras, voice-activated assistants, and even ovens and trash cans, providing users with added convenience but introducing novel risks.

“Each one of these devices presents a digital door that motivated cyber attackers are eager to enter,” Ms Anne Neuberger, Deputy National Security Advisor for Cyber, told reporters via a call.

The Cyber Trust Mark is voluntary. But Ms Neuberger said she hoped “consumers will start asking for the label and saying, ‘Look, I don’t want to connect another device in my home, a camera, a baby monitor that risks my privacy’.”

She said the government plans to start with consumer devices such as cameras before moving on to home and office routers, and smart meters. Products bearing the label should be hitting store shelves some time in 2025, she said.

The White House is also planning an executive order in the final days of the administration of President Joe Biden that will restrict the US government to buying only Cyber Trust Mark products beginning in 2027. The programme has bipartisan support, she added. REUTERS