Consumer internet-of-things devices may soon ship with a cybersecurity seal of approval that will safeguard user data, receive software updates and protect against device hijacking.

Katerina Megas, program manager for NIST’s IOT cybersecurity program, said recently the agency is conducting cybersecurity labelling pilots and will submit a report on their efforts to the White House by May 12.

“We are on the hook to deliver the report to the White House,” Megas said on Tuesday at a New America Foundation event on IOT labelling.

She said the agency is “looking to draw on the collective brainstorming of the community” to include potential recommendations and incentives for a NIST cybersecurity labelling program for IOT devices used by industry, government agencies and individual consumers.

Any label will likely take the form of a “seal of approval” that indicates that a product meets a range of baseline criteria that will likely include data protection, access control, the ability to receive software and firmware patches and more. NIST will issue recommendations on these criteria but ultimately buy-in will be up to industry. Congress did pass IOT cybersecurity legislation in 2020, but it only covers devices owned by the U.S. government, and full implementation is about a year away.

A NIST whitepaper published in December recommended establishing a single, “seal of approval” type of label to indicate a product has met a baseline standard, along with additional directives for consumers to find more information about the labelling online.

#sen.news #SEN #SENnews