The White House will formally launch a labeling program in late May for Internet of Things devices starting with the consumer sector, according to a senior National Security Council official, who outlined the administration’s plans at an industry-focused advisory board meeting.
The program will build on work started by NIST under the 2021 cyber executive order to develop criteria for a labeling effort around consumer devices. NIST finalized the consumer IoT baseline in a formal publication released in September and the White House announced plans to roll out a formal program at an October workshop.
Steven Kelly, senior director for cybersecurity and emerging technology at the NSC, said there will be a “national mark” for the label and the leading agency will set up licensing agreements where approved “scheme owners” will be able to license the mark. Kelly didn’t identify which agency would lead those efforts.
The White House has conducted conversations with international partners including the European Union, Japan and Singapore on how to make the mark “marketable” to other countries, seek “equivalency” and have mutual recognition, according to Kelly.
Kelly provided a status update to the Internet of Things Advisory Board at a Wednesday meeting. The IoT AB was created by Congress to come up with recommendations on addressing barriers to IoT adoption. IoT AB’s work will inform another report from IoT Federal Working Group which is tasked with coordinating interagency work.
Kelly said the program will eventually be expanded to include industrial IoT such as “smart energy” like invertors and smart meters. The program is also voluntary.
IoT AB member Daniel Caprio asked Kelly how the White House is working with the Commerce Department, other agencies, industry and lawmakers.
There is bipartisan interest among lawmakers, Kelly said, pointing specifically to Sen. Angus King (I-ME), who co-chaired the Cyberspace Solarium Commission, and other bills that have been introduced on the topic. Kelly said the consensus is that there is a “public policy need” and it’s “good for business” on the industry side.
Kelly said he expects that appropriations will be needed to fund the program but didn’t get into specifics on how much it will cost.
IoT AB report
Michael Bergman of the Consumer Technology Association provided an update at the meeting on the work of the cybersecurity subgroup. Congress tasked the advisory board with looking into several topics and the plan is for the IoT AB report to include cybersecurity as a cross-sector area with a focus on opportunities and benefits, barriers and potential solutions.
The CTA is actively involved in the creation of the White House’s IoT labeling program and will host a panel next week at the RSA conference in San Francisco on the topic.
Bergman said the subgroup has come up with recommendations for the program including prioritizing engagement with industry when developing and maintaining the labeling program; keeping the program voluntary; and to create further incentives.
The subgroup also proposes supporting the “current roles” with NIST developing outcome-based requirements and helping industry to develop consensus standards, Bergman said. The standards should be industry based, Bergman said.
On incentives, Bergman said the government could include a safe harbor for liability, potential pre-emption for state laws, “international mutual recognition” and coordinate agency efforts around “consumer education.” -- Sara Friedman (sfriedman@iwpnews.com)