www.cyberscoop.com
Open in
urlscan Pro
18.66.112.115
Public Scan
Submitted URL: https://t.co/UZo93GEiij
Effective URL: https://www.cyberscoop.com/white-house-to-unveil-internet-of-things-labeling/
Submission: On October 11 via manual from BN — Scanned from DE
Effective URL: https://www.cyberscoop.com/white-house-to-unveil-internet-of-things-labeling/
Submission: On October 11 via manual from BN — Scanned from DE
Form analysis
2 forms found in the DOMGET https://www.cyberscoop.com/
<form role="search" class="overlay-search-form" method="get" id="searchform" action="https://www.cyberscoop.com/">
<div><label class="screen-reader-text" for="s">Search for:</label>
<input type="text" value="" name="s" id="s" placeholder="Type to search" class="overlay-search-input">
</div>
</form>
POST https://forms.hsforms.com/submissions/v3/public/submit/formsnext/multipart/2153467/20762415-8082-48f0-b243-36443c93d852
<form novalidate="" accept-charset="UTF-8" action="https://forms.hsforms.com/submissions/v3/public/submit/formsnext/multipart/2153467/20762415-8082-48f0-b243-36443c93d852" enctype="multipart/form-data" id="hsForm_20762415-8082-48f0-b243-36443c93d852"
method="POST" class="hs-form stacked hs-custom-style hs-form-private hsForm_20762415-8082-48f0-b243-36443c93d852 hs-form-20762415-8082-48f0-b243-36443c93d852 hs-form-20762415-8082-48f0-b243-36443c93d852_26a5a194-7e83-4324-a666-e1b2deb340aa"
data-form-id="20762415-8082-48f0-b243-36443c93d852" data-portal-id="2153467" target="target_iframe_20762415-8082-48f0-b243-36443c93d852" data-reactid=".hbspt-forms-0">
<div class="hs_email hs-email hs-fieldtype-text field hs-form-field" data-reactid=".hbspt-forms-0.1:$0"><label id="label-email-20762415-8082-48f0-b243-36443c93d852" class="" placeholder="Enter your " for="email-20762415-8082-48f0-b243-36443c93d852"
data-reactid=".hbspt-forms-0.1:$0.0"><span data-reactid=".hbspt-forms-0.1:$0.0.0"></span></label>
<legend class="hs-field-desc" style="display:none;" data-reactid=".hbspt-forms-0.1:$0.1"></legend>
<div class="input" data-reactid=".hbspt-forms-0.1:$0.$email"><input id="email-20762415-8082-48f0-b243-36443c93d852" class="hs-input" type="email" name="email" required="" placeholder="Email (required)*" value="" autocomplete="email"
data-reactid=".hbspt-forms-0.1:$0.$email.0" inputmode="email"></div>
</div>
<div class="hs_subscriber hs-subscriber hs-fieldtype-checkbox field hs-form-field" style="display:none;" data-reactid=".hbspt-forms-0.1:$1"><label id="label-subscriber-20762415-8082-48f0-b243-36443c93d852" class=""
placeholder="Enter your Subscriber" for="subscriber-20762415-8082-48f0-b243-36443c93d852" data-reactid=".hbspt-forms-0.1:$1.0"><span data-reactid=".hbspt-forms-0.1:$1.0.0">Subscriber</span></label>
<legend class="hs-field-desc" style="display:none;" data-reactid=".hbspt-forms-0.1:$1.1"></legend>
<div class="input" data-reactid=".hbspt-forms-0.1:$1.$subscriber"><input name="subscriber" class="hs-input" type="hidden" value="CyberScoop" data-reactid=".hbspt-forms-0.1:$1.$subscriber.0"></div>
</div><noscript data-reactid=".hbspt-forms-0.2"></noscript>
<div class="hs_submit hs-submit" data-reactid=".hbspt-forms-0.5">
<div class="hs-field-desc" style="display:none;" data-reactid=".hbspt-forms-0.5.0"></div>
<div class="actions" data-reactid=".hbspt-forms-0.5.1"><input type="submit" value="GET THE SCOOP" class="hs-button primary large" data-reactid=".hbspt-forms-0.5.1.0"></div>
</div><noscript data-reactid=".hbspt-forms-0.6"></noscript><input name="hs_context" type="hidden"
value="{"rumScriptExecuteTime":428.7999999523163,"rumServiceResponseTime":837.9000000953674,"rumFormRenderTime":2.5,"rumTotalRenderTime":841.2000000476837,"rumTotalRequestTime":380.60000014305115,"lang":"en","embedAtTimestamp":"1665526803712","formDefinitionUpdatedAt":"1586164072742","pageUrl":"https://www.cyberscoop.com/white-house-to-unveil-internet-of-things-labeling/","pageTitle":"White House to unveil ambitious cybersecurity labeling effort modeled after Energy Star - CyberScoop","source":"FormsNext-static-5.543","sourceName":"FormsNext","sourceVersion":"5.543","sourceVersionMajor":"5","sourceVersionMinor":"543","timestamp":1665526803718,"userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36","referrer":"https://t.co/","originalEmbedContext":{"portalId":"2153467","formId":"20762415-8082-48f0-b243-36443c93d852","target":"#hbspt-form-1665526803379-2643310268"},"renderedFieldsIds":["email"],"formTarget":"#hbspt-form-1665526803379-2643310268","correlationId":"7e53ba29-2a40-49f8-9e15-fd09811bf476","captchaStatus":"NOT_APPLICABLE"}"
data-reactid=".hbspt-forms-0.7"><iframe name="target_iframe_20762415-8082-48f0-b243-36443c93d852" style="display:none;" data-reactid=".hbspt-forms-0.8"></iframe>
</form>
Text Content
Close Ad Continue to CyberScoop.com Subscribe About RSS Brought to you by * Ukraine * Threats * Policy * Privacy * Technology * Workforce * Money * Special Reports * Watch * Listen * Events * Upcoming Events * On-demand Events * Past Events * Insights policy WHITE HOUSE TO UNVEIL AMBITIOUS CYBERSECURITY LABELING EFFORT MODELED AFTER ENERGY STAR Deputy National Security Advisor for Cyber and Emerging Technology Anne Neuberger speaks during a briefing at the White House in Washington, DC, on March 21, 2022. Neuberger is spearheading the labeling initiative for the White House. (Photo by NICHOLAS KAMM/AFP via Getty Images) SHARE WRITTEN BY Suzanne Smalley Oct 11, 2022 | CyberScoop Written by Suzanne Smalley Oct 11, 2022 | CYBERSCOOP The White House National Security Council will announce plans Tuesday for a consumer products cybersecurity labeling program intended to improve digital safeguards on internet-connected devices, a senior White House official told CyberScoop. About 50 representatives from consumer product associations, manufacturing companies and technology think tanks will convene at the White House on Oct. 19 for a workshop on the voluntary effort ahead of an expected spring 2023 launch. The White House briefly described the effort in a document it released Tuesday outlining various cybersecurity initiatives. The administration plans to start with recommending three or four cybersecurity standards that manufacturers can use as the basis for labels that communicate the risks associated with using so-called internet of things devices. Deputy National Security Adviser for Cyber and Emerging Tech Anne Neuberger is spearheading the initiative, which is modeled after Energy Star, a labeling program the Environmental Protection Agency and the Department of Energy operate to promote energy efficiency, the senior administration official said. “Today when folks buy tech, they buy it for a cool feature, speed to market — cybersecurity is often an afterthought,” said the official, who requested to remain anonymous to speak candidly about the effort. “Everybody realizes that it’s an idea whose time has come.” The administration is working with the European Union to align on standards since the White House wants products with cybersecurity labels to be sold globally. The standards under consideration could rate products based on how often manufacturers deploy patches for software vulnerabilities or whether devices connect to the internet without a password, the official said. It is not yet clear who will verify companies’ claims. The White House hopes the program will reward companies that invest in cybersecurity while also helping consumers find safer products. The status quo in which products hit the market quickly, leaving consumers to muddle through or ignore products’ cybersecurity features, is “not sustainable,” the official said. In its final report, the U.S. Cybersecurity Solarium Commission recommended that Congress create a nonprofit national cybersecurity certification and labeling authority tasked with “establishing and managing a voluntary cybersecurity certification and labeling program for information and communication technologies,” including software, devices and industrial control systems. CSC Executive Director Mark Montgomery hailed the White House decision to pursue a labeling program but warned it will be difficult to design and stand up. “I would hope they initially stick to OT and IoT products not software as the propensity for software updates will make management of the certification challenging,” Montgomery said. “The feds should be looking for a non-governmental organization to execute this as the certification will require an agility and persistence that will be hard for a federal agency to maintain with all their other requirements.” Poor or nonexistent cybersecurity safeguards in connected devices has long been a problem for consumers and industries alike. The White House’s early plans include creating a barcode-like label on products that consumers can scan with their phones for updated security details. While many questions remain about how the administration will roll out the effort, the official said the White House is determined to move forward and has studied similar programs implemented in Singapore and Finland. National Institute of Standards and Technology standards will be used, the official said, and will need to be tailored for specific products. However, NIST doesn’t currently have technical control standards in place for IoT devices, a fact that at least one cybersecurity expert said will complicate White House efforts because designing them will be time consuming. (NIST has issued guidance on IoT cybersecurity.) > “Today when folks buy tech, they buy it for a cool feature, speed to market — > cybersecurity is often an afterthought. Everybody realizes that it’s an idea > whose time has come.” > > senior white house official The White House official downplayed the issue and said once the program is launched officials can perfect it. “What we’re trying to do is work with NIST to get the right balance of security and not having 50 standards,” the official said. “Let’s just get this program off the ground and set a key standard that applies across many devices … I think perfect is going to be the enemy of the good on this.” The White House hopes to leave next Wednesday’s meeting with commitments from key companies to participate in the program, the administration official said. By bringing industry in early, the White House hopes product security standards will be enhanced “in parallel to the standard being built,” the official said. Some critics of the plan have called it misguided, in part because the U.S. doesn’t manufacture most of the connected products that American consumers purchase. Additionally, others said, similar policy efforts are underway in the U.K., EU and Singapore that the U.S. could adopt. “NIST is doing good work on IoT,” said Trey Herr, director of the Cyber Statecraft Initiative at the Atlantic Council. “It would be a shame if all that policymakers can imagine is to turn that into another top-down regulatory scheme.” Herr, whose team recently released a report on IoT cybersecurity, said he doesn’t understand the administration’s focus on consumer-facing labels in a digital world. “Labels are portals to data — ways to verify transparent and auditable security behavior,” he said. “It’s not about seeing some gold star on a box at a store; it’s about security researchers, investors, and other companies using this data to hold vendors accountable. The policy win right now is counterparties, not just consumers.” Other experts were more measured. Sarah Zatko, chief scientist at the nonprofit research organization Cyber Independent Testing Lab, said more transparency around software safety is sorely needed for consumers and for cybersecurity insurance providers, which currently lack the data to assess risk effectively in the IoT space. Zatko said she understands why the White House is focused on paper labels — even though they are “quaint” — because consumers are used to the format and a paper label can easily be linked to more dynamic data stored online. “It’s vital that the paper label contain information that is comparable, not just a gold star,” said Zatko, whose organization focuses on creating a safe software environment for consumers. A pass/fail standard where companies are only incentivized to do whatever it takes to hit the minimum requirements for a pass would be a mistake, she said. “A consumer can’t tell the difference between ‘barely passed’ and ‘passed with flying colors,’” Zatko said. “Part of why I like a label like Energy Star is that it shows actual data I can compare, in an easy-to-read presentation, which encourages healthy competition between vendors.” -IN THIS STORY- Anne Neuberger, cyberthreats, hacking, Internet of Things (IoT), NIST RELATED NEWS Policy SUPREME COURT POISED TO... by Suzanne Smalley Commentary BANNING TIKTOK WON’T... by mfarrell Government CISA DIRECTIVE ORDERS... by Suzanne Smalley * Ad Specs * Sponsor * RSS * * * * Privacy Policy © 2022 Scoop News Group | All Rights Reserved Search for: We use cookies to provide you with the best experience across all Scoop News Group websites. By using Scoop News Group websites, you consent to the use of cookies. Learn more GOT IT! ✓ Thanks for sharing! AddToAny More… The best cybersecurity news, delivered straight to your inbox. Sign up for our daily newsletter. Subscriber Privacy Policy