Artwork: Megan Robinson/Axios
Biden administration forging ahead with the rollout of a new consumer product label by spring that measures the security of smart devices – but the companies affected are still unsure what to expect.
The big picture: The administration is trying to contain the growing number of cyberattacks and espionage campaigns that rely on unsecured internet-connected deviceslike routers and smart cameras.
- While it’s still unclear what the label will look like, the idea is that it will educate consumers about the safety practices manufacturers use to keep them safe.
- The United States follows Singapore and Great Britain in exploring a consumer cyberlabel for internet-connected devices.
Driving the news: On Wednesday, the White House hosted an hour-long meeting with representatives from industry, government and academia to discuss the ins and outs of what they dubbed an “Energy Star for Cyber” program. .
- Attendees included the Federal Trade Commission, Department of Energy and other government offices, as well as Amazon, AT&T, Google and many others.
Five non-governmental participants told Axios that, while they commend the White House for convening such a discussion, they came away with few definitive answers about what the program will look like or who will lead it.
- Persistent questions include whether the program will be mandatory and how exactly the label will measure device security.
Details: The White House shared its own “strawman” model for how it envisions the program working, according to two people present.
- The National Institute of Standards and Technology (NIST) would hypothetically publish a set of standards on the factors on which the rating system would be based, according to a source at the meeting.
- A third-party licensing body, yet to be created, would then use NIST standards to evaluate products. The government would oversee the program, while the FTC would be the enforcement muscle, the source added.
- At the meeting, panel discussions covered the potential role of government in this agenda; ways to make this label effective and improve device security; raising consumer awareness of the label; and appropriate enforcement mechanisms.
Between the lines: Given the rapid timeline, participants who spoke with Axios anticipate that the White House will make only small changes to its plan and rely heavily on the research presented to answer lingering questions.
- “They don’t usually put something on the table uncooked,” a source told Axios during the meeting.
And after: Justin Brookman, director of technology policy at Consumer Reports and another attendee at the meeting, told Axios the White House expects to have feedback within the next six to eight weeks.
- A senior administration official told reporters that the White House plans to present an updated proposal to government and industry stakeholders shortly before the administration decides on the initial scope of the program. this spring.
- However, some participants said they were unaware of the spring schedule until they read it in the administration’s public statement released Thursday.
Sign up for the Axios Codebook cybersecurity newsletter here.