IoT security

NIST Conducting Pilot of Consumer IoT Cybersecurity Benchmarking Program

The National Institute of Standards and Technology is working on a program aimed at labeling consumer internet of things devices based on their cybersecurity, an official said.

Katerina Megas, manager of the agency’s IoT cybersecurity program, said that the effort will be informed by the “collective brainstorming” of industry players, government agencies and consumers.

The label is expected to come in the form of a “seal of approval” indicating that the product meets baseline cybersecurity criteria, FCW reported Wednesday.

Megas said that NIST will submit a report on the effort to the White House on May 12, a year after President Joe Biden issued an executive order on modernizing federal cybersecurity. The labeling program is also an implementation of one of the executive order’s provisions.

Biden tasked NIST with piloting programs aimed at educating consumers about the cybersecurity of the IoT devices and software they use. He also directed the agency to explore ways to incentivize manufacturers to participate in such programs.

NIST’s report will include “potential incentives” for businesses to participate in the program, Megas said at an event organized by think tank New America.

Megas added that the effectiveness of implementing a labeling program has not yet been proven, noting that cybersecurity might be “overshadowed by decisions about all the cool features.”

She said that “significant market testing” must be conducted ahead of full implementation. NIST will likely hand off the benchmarking program to industry or a stakeholder organization, FCW reported.