US govt launches cybersecurity safety label for smart devices

The latest news on US government cybersecurity labels, smart device safety regulations, and IoT cybersecurity initiatives includes several key developments:

1. IoT Cybersecurity Labeling Program:

   • The Federal Communications Commission (FCC) has made significant progress in its IoT Cybersecurity Labeling program in 2024. The program aims to establish a "U.S. Cyber Trust Mark" similar to the "Energy Star" initiative, which would help consumers identify smart devices less vulnerable to hacking4.
   • The FCC has established the administrative framework for the program and selected the Lead Administrator and first slate of Cybersecurity Labeling Administrators. In 2025, the program is expected to address questions about cost sharing among manufacturers and retailers, public messaging, and customer demand for labeled products4.

2. New Cybersecurity Measures:

   • The U.S. Department of Justice (DoJ) has issued a final rule to prevent the mass transfer of citizens' personal data to countries of concern, such as China, Cuba, Iran, North Korea, Russia, and Venezuela. This rule is part of Executive Order 14117 and aims to protect privacy by halting bulk data transfers to adversarial nations2.

3. Smart Device Safety Regulations:

   • The federal government is rolling out a consumer labeling system designed to help Americans pick smart devices that are less vulnerable to hacking. This initiative is part of broader efforts to enhance cybersecurity in the IoT sector3.

4. Regulatory and Legal Issues:

   • Smart city technologies, including IoT devices, AI, and other technologies, face regulatory and legal challenges related to data protection, building codes, and environmental standards. Ensuring the security and privacy of collected data is critical, and adhering to these regulations can be challenging5.

5. Cybersecurity Initiatives:

   • The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added several critical security flaws to its Known Exploited Vulnerabilities (KEV) catalog, including vulnerabilities in BeyondTrust software and Acclaim Systems USAHERDS. These additions are based on evidence of active exploitation in the wild2.

6. Federal Cybersecurity Policy:

   • Federal regulators like the FCC, FTC, and SEC have followed up on the October 2023 Executive Order 14110 with multiple AI-focused workstreams. The Office of Management and Budget (OMB) has issued guidance adding requirements for the federal government’s acquisition of AI, including cybersecurity incident reporting requirements. NIST has also announced a new program to explore cybersecurity and privacy risks from AI4.

These developments highlight the ongoing efforts by the US government to enhance cybersecurity in the IoT sector through labeling programs, regulatory measures, and initiatives aimed at protecting personal data and addressing vulnerabilities in smart devices.