Internet of Things Labeling Initiative
I'm Anne newberger Deputy National Security advisor for cyber and emerging Technologies here at the White House and I'm joined by chairwoman Jessica rosenmurtzel of the FCC leading lights on the hill on technology congresswoman chakowski congresswoman matsoy Congressman Liu and Senior Executives from leading technology manufacturers and retailers and we're here to announce the Biden Harris administration's launch of the U.S cyber Trustmark program to make consumer devices devices like smart TVs home security systems and thermostats more cyber secure we are bringing more and more Internet connected devices into our homes and we know that Americans are concerned that these Internet connected devices could be used to hack into homes schools and offices so today's launch will help consumers identify and choose products that meet a US Government cyber security standards and they'll give companies that meet that same security standards a way to differentiate their products and show that their products are more cyber secure President Biden is keenly focused on improving the nation's cyber security and ensure Americans can be safe when they are online he first requested we stand up this program two years ago and the president's executive order on cyber security and you'll hear the details today so with that I'd like to turn it over to FCC chairwoman Jessica rosenwurtzel for her remarks thank you Ann and good morning what a treat to be here with so many cyber champions uh as all of us know there are so many new devices from smart televisions to thermostats to home security cameras to Baby Monitors and fitness trackers that are now connected to the internet and these Technologies offer huge benefits they can make our lives easier and more efficient they do things like help us check who is at the front door when we are not home keep tabs on our health and automatically adjust the thermostat so we can save on energy costs but this increased interconnection brings more than just convenience it brings increased security risk after all every device connected to the internet is a point of entry for the kind of cyber attacks that can take our personal data and compromise our safety that's true for the biggest connections at the largest businesses and it's also true for the smallest connections to the humblest devices in our homes so I want to give you an example and just start by telling you one of my favorite stories it is a story about cyber crime that was told by the author Misha Glenn and it involves a bank which like most institutions in the modern economy was keenly aware of the vulnerabilities of digital age activity in fact they spared no expense when it came to cyber security they carefully assessed the risks of their operation and they spent liberally to ensure the safe and secure transfer of funds and in the process they just about convinced themselves that they were invincible but of course Pride often comes just before the fall because despite their best efforts the hacker was able to make their way into their Network and it wasn't in the bank systems for transactions accounts or deposits it was in a vending machine at headquarters that was filled with chocolate bars you see the vending machine had its own IP address but the bank neglected to put it on the system for automated software patching updates after all when you plan for your security updates the machine where you drop your coins late at night when you need a little sugar boost to keep working is not the place you first think to go but that was all it took for this bank to be penetrated a single vending machine loaded with chocolate bars now I love this story because it's a reminder of how much is actually now connected in our lives that's true in businesses like Banks but it's also true for most of us at home too you know all those new home security cameras those connected thermostats and those fitness trackers they add up already globally we have about 17 billion smart devices on the marketplace and they're growing by the end of the decade we expect to have 25 billion and along the way cyber incidents associated with them are growing too so that can make us wary of bringing these smart devices these Internet of Things devices into our lives and then we'll miss out on the convenience opportunities and efficiencies that they can afford the truth is it doesn't have to be this way because we can do more to make the internet of things and these smart devices secure and do more to help consumers make good choices about what they bring into their homes and businesses in fact there are a lot of people who are here today who've been working on that for a long time and for many years my colleagues at nist have been developing security criteria for smart devices and last year I had the opportunity to join Ann and a whole bunch of others who are here today to talk a little bit about the security of the internet of things and what we could do to label smart devices so consumers feel more secure about the products they purchase and bring into their homes so I left that conversation energized and I want to tell you now what we're going to do about it at the Federal Communications Commission today I put before my colleagues a proposal to put in place the first ever voluntary cyber security labeling program for connected smart devices we're calling it the U.S cyber Trustmark and just like the energy star logo helps consumers know what devices are energy efficient the Cyber Trustmark will help consumers make more informed purchasing and more informed decisions about what kind of devices they bring into their homes and businesses so when you need a baby monitor or a new home appliance you'll be able to look for the Cyber Trustmark and you'll be able to shop with greater confidence what's more because we know devices and services are not static we're proposing that along with the mark we'll have a QR code that provides up-to-date information on the device so this proposal Builds on the good work that's already been done by government and Industry because we're going to rely on those nist recommended criteria to set the Cyber trust Mark program up that means we're going to use criteria device manufacturers already know and when they choose to meet the related standards they're going to be able to Showcase privacy and Security in the marketplace by displaying this Mark and over time we hope more companies will want to display it and even better more consumers will demand it all right so next steps if adopted by my colleagues at the agency and I'm pretty optimistic we're going to be able to do that in short order we're going to seek public comment on this proposal we'll ask about the scope of eligible devices the mechanics of managing this program and consumer education among other issues so this isn't a small task but I think it's worth it because the future of these smart devices is so big but even bigger is the opportunity for us to ensure that every consumer every business and even every bank with a vending machine can make smart choices about the connected devices they use so let's get to it thank you very much chairwoman so I asked German Rosen wurtzel mentioned the White House first launched a summit on the U.S cyber Trustmark program in October to bring in companies and Academia to hear perspectives on how this program could be most effective in connecting a voluntary program that could connect consumers who are eager to know that the smart TVs smart thermostat they're bringing into their homes are more cyber secure and less vulnerable to cyber attacks and to the companies who seek to develop more cyber secure products secure by Design but know that in some cases that may be more costly and want to know that there's a market for it so the goal of the Cyber Trustmark is to serve as that connection and stand with it with the Integrity of the US government standard created by the National Institute for standards who you'll hear from a bit more later since we began discussions on the program we've been greatly encouraged by the enthusiasm from the private sector companies who joined and said let's talk about it we're eager to do this we're eager to be a part of it and you'll hear from a number of companies here today so with that I'd like to welcome each corporate executive who joins us today and ask them to make remarks regarding how they will plan to be participating in the program so with that we'll start with Mr Yoon CEO of LG Electronics who I believe is joining us from South Korea thank you I'm I'm from LG Electronics USA thank you so much for having us today as a leader in Smart Home Technologies and platforms smart Appliance and connected consumer electronics product LD Electronics is honored to be here today for the official launcher of iot cyber security labeling program LG strongly support the groundbreaking new U.S cyber Trustmark program which aligns perfectly with the LG brand promise Innovation for better life through this voluntary program manufacturers and consumers will benefit from increased transparency consumer awareness and inform the decision making by incorporating your digital label with our QR code will be able to deliver comprehensive and up-to-date cyber security information to customers Foster interactive engagement get the valuable analytics and promote sustainability in this public private partnership We Believe government will play a crucial role in fostering iot cyber security and promoting its benefit by educating American consumers together we can have raise awareness and Empower consumers to make it informed decisions when purchasing connected device as this program launches here we urge U.S government to encourage with other nations regulatory bodies and Industry stakeholders to promote Labor's Global recognition and adoption by fostering International collaboration and consensus the United States can drive the adoption of common security standard and ensure all more secure and interoperable iot environment around the world today's historic announcement built on our own cyber security effort and our extensive work with consumer technology Association and connectivity standard Alliance as well as UL Solutions and other testing and certification bodies we look forward to collaborating with government and Industry stakeholders to make this program a success thank you very much Mr thank you Samsung on behalf of Samsung's 20 000 yes thank you for your leadership on this critical topic Samsung is the world's leading consumer electronics and Semiconductor Company our commitment to the US began more than 40 years ago we manufacture smart washing machines such as the one that you can see later at the Showcase and semiconductors in the United States with 72 percent of U.S homes having one
or more Samsung connected products the US is one of Samsung's largest and most important consumer markets Samsung prioritizes cyber security for both our own connected products and the open multi-brand Home iot ecosystem that we lead known as SmartThings to join our SmartThings platform all devices must pass functional testing for seamless interoperability and security testing for secure connections Samsung launched our security guidelines in the works with SmartThings program in 2018. this actually predated existing Global iot Security standards and was one of the first set of industry-driven ecosystem security standards since then the SmartThings ecosystem has grown to Encompass devices from more than hundreds of Brands and its security takes into account the latest Global standards including nist iot cyber security Baseline with our Market leadership in delivering Innovative and secure connected consumer devices Samsung commits to a voluntary cyber labeling program in the U.S that is harmonized with global approaches and features incentives for adoption we also commit to deeply engaging with our government and Industry Partners to develop an iot cyber labeling program that increases security transparency and protections for consumers once the program is efficiently mature we plan to obtain the label for many of our connected consumer products in the U.S market we also plan to play a leading role in the consumer education Campaign which is essential to the label's success as Samsung and through SmartThings we believe that Innovative consumer connected devices enable us to thrive together make our lives more sustainable more entertaining healthier and safer thank you once again for your leadership through our Collective partnership we're confident that this program will succeed thank you very much we'll turn it over to Mr Wilder of Logitech thank you for having us here today at Logitech we believe in the power and opportunity of the connected world we are world leaders in designing manufacturing and marketing products that help connect people to digital and Cloud experiences we have an intimate connection to our customers we're in their hands we're on their desks and we're in their homes and we take that seriously so we develop all of our products using a secure development practices following industry best practices and design development testing manufacturing and maintenance but that's not enough at Logitech We Believe consumers need easy access to information to make informed purchasing decisions to protect themselves and their families trust transparency and accountability are required to make that happen much like we are empowering our customers to make environmentally sustainable choices by being the first consumer electronics company to provide carbon Clarity labels on all of our products we also want to further support them to make safe choices and the devices that they put into their homes and offices so we commit to adding the U.S cyber
Trustmark to our products this is why Logitech is proud to be involved with the product security working group in the connectivity standards Alliance to help develop a best-in-class standard for iot security bolstered by leadership in action from this White House we will soon be able to provide Clarity and peace of mind to every consumer that the devices they use to interact with the digital world are protected from cyber threats so I want to thank the connectivity standards Alliance for spearheading this important work and the president and cabinet and our representatives for making this a national priority and an example for the world to fall thank you thank you very much we'll turn it over to Mr Claire Maher of Google thank you my name is Dave glademacher and I serve as Google's vice president responsible for security and privacy engineering for Android Google Play and the made by Google products which include Nest Fitbit and pixel devices and services the path towards these digital security labels has been a personal Journey for over two decades and I'm grateful to the White House for inviting us here today and to the numerous federal agencies members of Congress and other cyber Champions that have recognized a connected product device security as a critical issue for the American people and the world openness and transparency are built deeply into Google's DNA and for years we've voluntarily had our kind of connected devices validated by security Labs against requirements compatible with national and international standards we publish not only audit results but also security update lifetime commitments and vulnerability disclosure information generated through the world's most prolific vulnerably disclosure programs in partnership with the Global Security research community we've also promoted adherence to these best practices in our third party developer platforms the billions of devices and apps connected to those platforms again including Android Google Play Fitbit and Nest represent a significant portion of the Internet of Things we've also been actively working with the connectivity standards Alliance to stand up a certification program that harmonizes International standards to ensure they remain effective for consumers as well as manufacturers of all sizes today we're proud to commit to continue certifying Google's products against industry standards in support of the Cyber Trustmark and we will continue to lead the development of transparency standards because at Google we firmly believe that similar to food ingredients labels consumers deserve to understand the security ingredients of their products that connect to the internet while certification against Baseline standards does not mean that a product is free of vulnerabilities the transparency is the tide that raises all boats because it enables consumers to compare the security of products and make healthier choices which in turn will drive manufacturers to improve these ingredients making the Internet of Things and all of us safer thank you thank you thank you so much I think we can all reflect on the healthier choices whether it comes to diets or whether it comes to Tech we bring into our homes and offices so with that I want to turn it over to Mr way of Amazon hello and thank you for inviting Amazon to be here today at this historic announcement my name is Bill way and I'm the company's associate general counsel for privacy at Amazon we work backwards from our customers in everything we do and we work hard every day to earn their trust we help our customers compare products and Shop with confidence on amazon.com by displaying detailed privacy and security information on product detail Pages we have a very high bar for protecting our customers that's why our own devices and services are built with multiple layers of security and while we work every day to protect our customers and keep their information safe and secure Amazon supports the US government's objective of developing a comprehensive U.S cyber Trustmark labeling program that complements and aligns with Global Security requirements and regulations we think our customers will appreciate seeing the label not only on packaging when their products arrive on their doorstep but also when shopping online we look forward to partnering with our industry counterparts and the government including the FCC on this effort thank you so much and I know many of us are particularly grateful that we have Mr Krause for Yale and August locks here as we think about home safety connected locks is certainly one that's the top of everyone's list so Mr Krause thank you and good morning um I'm Kevin cross I'm the VP of Technology alliances for Yale and August lock and we're delighted to be here today Hill and August are pleased to participate in this iot labeling program and are committed to ensuring our consumer products meet the iot security labeling standard as the program develops as a leading smart home security brands that create residential products and services that manage access to the home the security and privacy of our customers has and will always be our top priority we are excited for the launch of the program as it shares our commitment to make iot devices safe secure and convenient for consumers thank you to the committee for allowing Yale in August to take part in this admirable initiative thank you thank you very much so improving the nation's cyber security and ensuring Americans can feel safer when they bring connected devices into their homes schools and offices has a great deal of support on the hill and the president greatly appreciates having leading lights on technology issues on the hill here with us to talk about their support for the program so with that I'd like to introduce congresswoman shakowski of Illinois well thank you so much it's really such an honor to be at the launch of this very important consumer protection activity I am here because I have for most of my life been an activist on consumer protection and this is a major step forward so thank you so so very much I want to tell you that consumers right now online and when they get these uh new products in their home that are connected to the internet do not feel confident right now unfortunately we have not passed a comprehensive online consumer protection uh bill in in this country I hope that that we will soon but um I think that consumers right now feel that there is no such thing as privacy that they want yes they do they want the technologies that you have produced they want to be able um to have all of the products that make life better and and in in their uh in their lives but they don't feel confident that this is not going to result in information that they don't want shared to be shared and to be abused and so I think this launching of this effort to now allow consumers to have the information that they are going to to to need they're going to have the protection that they desire is so incredibly important and I just want to say thank you to the industry that's involved and to President Biden and this Administration for understanding the anxiety that so many consumers feel when they buy these products that they want the benefits that they want to get from from them and yet are consumed are concerned that their safety and their privacy will be violated it's a big step I'm proud to be here as part of the launch thank you very very much we'd like to now turn to representative matsudors matsoi of California thank you so much for joining us today thank you everyone and I want to thank the deputy for the invitation and for the critical work advancing the cyber security labeling initiative you know if we all know about energy star to the fcc's Broadband labels this concept has effectively communicated Vital Information to Consumers about the products they use every day iot or The Internet of Things represents a new opportunity to improve People's Health reduce waste and make our lives easier while these benefits will be found by all Americans we really cannot ignore the unique cyber threat really posed by the widespread distribution of these iot devices each iot device offers a back door or even a front door for Cyprus criminals to exploit a network whether it's a baby monitor or a smart light bulb or anything else that we use every day our cyber defenses are only as strong as the weakest link in the chain but managing the Cyber threat can't just fall to individual consumers we know how tough that is it's unfair and ultimately ineffective it just doesn't work that's why this effort is so critical to our cyber Future IT ensures that the most capable actors in our digital ecosystem are helping manage the Cyber risk these new labels will not only give consumers better information about the products they're using in their homes they'll also create a clear incentives for the manufacturers to produce more secure devices and I'm really glad to see such a strong showing here in both industry and government it shows we are serious that we have the collective buy-in we need for this initiative I'm really glad to work with all of you to advance this important program it's wonderful to be here at the launch and I thank everybody here in a sea the White House really to help to create a more secure cyber future for all of us thank you thank you very much congresswoman matsule and finally we'll turn it over to representative Liu of California thank you as a recovering computer science major I am thrilled to be here and I want to thank the Biden Harris Administration for the focus on cyber security and the White House for hosting this event specifically I want to thank Deputy National Security advisor newberger FCC chairwoman Rosen Warsaw nist director locasio the department of energy director Kumar assistant director easterly and NCD acting director Walden for their leadership on this cyber security labeling initiative I also want to thank my tremendous colleagues Doris Matsu and John shakowski for their leadership on consumer protection issues I thought I'd start out with an analogy so when a shopper goes to Target and they buy a lamp and they bring their lamp home they don't expect it to catch on fire and the reason is because there's a little certification on that box by underwriter's Laboratory and target has learned over time that if they sell products they're certified by a certification agency consumers tend not to be mad at them because their products don't catch on fire and the manufacturers know that over time if they get and meet the standard then Target is more likely to buy the product for them so in 2017 Senator Mark and I introduced the Cyber Shield act to do a voluntary cyber security laboring Initiative for products similar to what under writer's laboratory would do for example and we are so pleased that the White House is now going forward with their cyber trust Mark voluntary cyber security labeling initiative and what we'll see is at the beginning it'll be really important to Consumers who will look at this Mark and then make a decision as to what product they want to buy but over time it's our hope that no one notices this Mark anymore because manufacturers would know hey if we meet these voluntary standards we're going to be able to sell our product retailers know that they're going to be able to sell more of these products if these products meet this standard and it's our hope that eventually we're going to get all products up to their cyber security standards that they needed me and so so thrilled to be here and thank you again for everyone participating trading in this important initiative thank you so much Congressman Lou and we'll hear a bit more from underwriter Labs a bit later in the program so thank you for highlighting their work as I mentioned earlier we're fortunate that keeping the nation safe in cyberspace is an area that really has a great deal of bipartisan support on the hill and the co-leaders of the cyberspace Solarium Commission Senator King and Congressman Gallagher issued a letter of joint support Senator King felt so strongly couldn't be with us today that he recorded a video so we'll hear from him now in just a moment I want to thank everyone that's been involved in bringing us to this day cyber labeling labeling of consumer products for cyber security is one of the major initiatives of the solarium commission it's one of the major initiatives that I've been interested in and working on for the last two or three years and I want to thank uh commissioner rosenwerzel and neuberger and all those who've been involved in making this a reality I think this is a big deal of course protection in cyberspace is a multi-layered process it involves government it involves big private Enterprises but it also involves people I often like to say that cyber security starts at the desktop it also starts at the router or at the at the at the Smart TV or all the other Myriad of devices connected devices that we have in our homes so what you're doing today is announcing the initiative that's been a long time in the coming in a long time in the in the work in the preparation and I just want to tell you how appreciative I am of all the work that's gone in at the FCC at the National Security Council in the private sector and uh the work that's gone into making this a reality congratulations this is going to really make a difference and I think it's going to help protect our country thank you for what you've done congratulations and let's see it roll loud so while the video played we brought in some new participants to the stage talk more about how the cyber security part of this program works so with that I'd like to turn it over to Lori lacazio director of the Department of Commerce National Institute for standards whose agency has done key work defining the initial cyber security standard underpinning the first round of devices under the U.S cyber Trustmark program well thank you so much and for your leadership and for convening today's launch of the U.S cyber Trustmark
program a very exciting day um good morning everyone I'm I'm thrilled to be here and excited to be working with my colleagues of course um Tara woman Orson Warsaw from FCC and really across the interagency and with our industry collaborators um trust is both the anchor for our work and the way we approach it Miss seeks to build trust and Technology by advancing cyber security and privacy standards guidelines techniques and measurements which are essential for U.S national security for Economic Security and for technological leadership nist builds trust in these resources an open transparent inclusive and collaborative processes across all stakeholders using this process we have developed guidelines and guidances for both users and manufacturers of iot products in collaboration with Partners from the private sector from Academia and from government because of the way we do our work industry trustness product processes and results and Industry voluntarily Builds on our work to improve the cyber security and privacy of available products and we're very happy about that we're pleased to see collaborative efforts building on this work in iot cyber security to support this exciting new program cyber security is a key enabler of other areas of concern for our citizens and businesses such as privacy and safety while cyber security is a shared responsibility we recognize that securable products are foundational for a secure ecosystem manufacturers cannot anticipate every customer environment and every use case that drives the understanding of risk however broad outlines of anticipated customers and user user cases use cases are possible and for these situations there are some common cyber security capabilities that are needed to provide a more securable product to the customer and this understanding ledness to develop the core Baseline and recommended set of activities that were described earlier to identify needed cyber security capabilities during product development and this Baseline provides a broadly applicable starting point and it allows the expansion as needed to accommodate new risks new products and cyber security capabilities as they arrive at nist our expertise is not limited to the development of standards and guidance we also are experts in Conformity assessment which is how organizations can demonstrate how they meet various standards and we develop guidance on Conformity assessments for the federal government and this guidance is grounded in Three core tenants first engage stakeholders at every phase of program development and operation second maximize transparency in design development and operation of the program and third reduce regulatory burden and stakeholder costs by leveraging existing efforts wherever possible including programs systems and competencies and this includes voluntary consensus standards wherever possible further through a series of efforts directed through executive order 14028 we've conducted Research into key elements of successful labeling programs for Consumer iot devices including minimum requirements and desirable attributes of labeling programs that will help providers and customers to choose the best solutions for their products and their environments this unique non-regulatory Science and Technology role positions us well to work across the diverse iot security stakeholders to improve trust and technology and contribute to a safer and more secure world and this fully supports the goal of a public-private sector engagement to provide consumers with usable information regarding the security capabilities of consumer iot products and we believe this cyber security labeling program can also lead to an increased number of consumer products that provide cyber security functionality and improve the ability of Manufacturers to demonstrate that cyber security functionality so I'm excited to work along all alongside all of you I'm excited to be here and to receive input on how we can learn from your efforts and leverage and build upon existing cyber security criteria to improve the security of connected technology so thank you again thank you so much Lori in the design of this program very much over the last year we've greatly appreciated the support of the consumer technology Association representing the 500 billion dollar U.S consumer tech industry as well as of the connectivity standards Alliance and we'll hear from both in just a moment so with that I'd like to turn it to Mr Bergman of the consumer technology Association thank you good morning everyone I'm Michael Bergman representing the consumer technology Association the nation's largest tech trade Association it's an honor to be here today CTA owns and produces CES the most powerful Tech event in the world a Proving Ground for breakthrough Technologies and Global innovators who make the connected devices we find throughout our homes and in our lives connected devices from Smart TVs to video doorbells have revolutionized how we live work and play however as The Internet of Things has made our lives easier it's created new opportunities for Bad actors to exploit consumers devices the consumer technology Association has worked with nist and others for more than five years to develop a voluntary National cyber security labeling program we meet regularly with manufacturers alliances universities consumer Advocates and cta's own ANSI accredited standards body to develop the foundational requirements for this program this work created the foundation for the U.S cyber Trustmark to help consumers
identify secure products standardized Mark in a QR code what information consumers will see online how to incorporate existing programs like third party certification and self-attestation and the technical requirements for a public registry of secure consumer products CTA has a proven track record seeding and leading public-private collaborations as evidenced by our recent work with industry in the FDA to bring over-the-counter hearing aids to tens of millions of Americans research shows consumers want more information on the Safety and Security of their products we agree our manufacturer and Retail members are excited about the voluntary label program and are ready to sell certification ready products once the FCC adopts final rules many are with us today to display their products and show their commitment to secure devices as the FCC Works to make the Cyber Trustmark program happen CTA as the voice of the tech industry will show the government and Industry can work together to strengthen incentives for participation and make sure that more manufacturers and retailers Embrace this critical program through regulatory incentives like an earned Safe Harbor preemption of state laws and international alignment government can speed up the pace of adoption the resulting cyber trust Mark can provide the consistency predictability and transparency that leads to Greater protection for consumers businesses and infrastructure by continuing to collaborate with industry the United States can demonstrate critical leadership in cyber security and serve as a model for other nations we applaud President Biden and the administration for their work to protect consumers the National Security Council the FCC nist and Congress have taken a big step forward by ensuring that consumers have the information that they need to make informed decisions about the security of the connected products they buy thank you thank you very much we now turn it over to Tobin Richardson of the connectivity standards Alliance a global standards organization thank you so much it's great to be here um I have some remarks but I also just want to start by saying that these kinds of things don't happen without incredible leadership I mean it usually happens with us and focus on interoperability Simplicity and security and in the three of you we have three great leaders who have made this a priority to protect consumers but also create a market that's useful for manufacturers and I'm very grateful for that and our members are the CSA the connectivity standards Alliance is an organization of 600 companies from around the world with that singular focus on interoperability delivering Simple Solutions for consumers and connected devices and we have the benefit of 20 years experience in delivering that both through zigbee and spart energy but in other areas as well our focus of course is on interoperability delivering consumer value and enabling greater and easier easier market growth for our members and especially for iot security which is the reason that we're here today U.S actions to establish requirements through nist and via the labeling program are part of a larger Global movement consumers worldwide not only need access to the value that the iot can bring but they also need to trust that the products that they use are safe and secure regulators and policy makers all over the world are looking to address these needs to build that trust and we are here to contribute as an organization and a global community this is not the first time we've needed to align uh and and find a place where industry and governments and Academia can work in a way that crosses Global boundaries for more than 20 years we've been on the front lines working with the U.S and other governments in areas like Smart Energy Smart grid remote controls and several other areas that touch consumers and critical infrastructure and most recently we've led the way with our members with secure iot interoperability with matter an IP based protocol that delivers really great device interoperability and that's just getting started by many of the companies here today that lets devices interoperate and work with platforms regardless of brand where every device is validated before joining the network and every message is encrypted that's a great start and that's how it goes a long ways toward what we're trying to achieve here the new product security working group within our organization dovetails nicely here over the last year it's been tackling this next challenge of security and Trust considering the disparate requirements across more than 47 countries who are looking at cyber security for the iot to establish a common Baseline standard based on nist and other leading criteria that can of course be validated through One-Stop shop Certification testing like ours can be recognized by programs like the U.S cyber security labeling program and others and can enable faster and easier adoption of that security Baseline by manufacturers around the world so that all consumers benefit so we're excited to be working here closely with many of the companies here today and also with Partners I'd like the consumer technology Association we're committed to delivering both the harmonized specification and certification program that meets the requirements for the U.S national label allowing industry through Global standards to deliver a more secure and a more connected world and we're posting a Blog later today of course with a list of members well over 30 who are committed to provide components to certify and support our standardization efforts and with that I want to thank the deputy National Security advisor chairwoman Rosen warsel and director Ocasio for all the great work and the leadership we look forward to the next steps here and working closely with you kinds of Partnerships that really Drive progress forward and we greatly appreciate that partnership over the past and looking forward to the future so with that I'd like to turn it over to Ms mourio of Underwriters Labs thank you good morning my name is Shantae Mario and I am representing ul's Solutions since this Inception in 1894 UL Solutions has served a mission of working for a safer World grounded in science and collaboration UL Solutions work empowers trust in pioneering technology from the Advent of electricity to the enablement of 5G and new Mobility it's an honor to be here today and we at UL Solutions appreciate the opportunity to say a few words on this important topic as consumers increasingly rely on connected Internet of Things devices from locks and baby monitors to Connected appliances they must be able to trust that these devices are designed built and managed over their lifetime with security and privacy in mind UL Solutions is a recognized leader in security training advisory testing auditing and certification services within cyber security regulated markets we provide an expanding range of solutions for safeguarding The Internet of Things supporting compliance to a variety of standards and Frameworks including nist en303 645 IEC 62443 and the red directive amongst others these offerings address the imperative aspects of secure product development and cyber security and smart ecosystems and effective cyber security supply chain risk management third-party assessment and verification is crucial for device cyber security product testing and certification by independent third parties along with the attachment of a visible well-known certification Mark provides confidence to Consumers that devices comply with industry and government specifications and requirements the ability of device manufacturers to credibly demonstrate the performance Safety and Security of their systems will be critical to establishing trustworthiness and should serve two purposes one to help manufacturers and develop developers improve the security posture of their products by leveraging proven security best practices and two to evaluate the security posture of iot solutions to make security more transparent to end users as the administration continues to evolve this new labeling program UL Solutions is eager to share our valuable expertise including our experience as a third party testing and certification body in similar government-led product labeling efforts around consumer facing issues such as the epa's energy star program for Energy Efficiency OSHA's nationally recognized testing laboratory program for electrical safety and the epa's environmentally preferable purchasing program pilot for sustainability thank you thank you very much we'll turn it over to Mr prayer karuppan please of keysight thank you thank you thank you for having us here today good morning I'm Ram Perrier group and I'm the vice president and general manager of the networks application and security business at keysight unlike many others on stage today we actually don't make consumer electronics instead we're a technology company that was originally founded in 1939 as Hewlett-Packard and we build products that help our customers you know including many of the manufacturers you're hearing from today accelerate Innovation to connect and secure the world we build the tools that manufacturers use to test everything from autonomous vehicles to battery drain and pacemakers to 5G cell phones securing their Cloud applications one way we help our customers in the build in is by building automated compliance testing for different security standards for example those used in 5G and connected cars consumers are rapidly embracing iot devices for use throughout their day this poses a serious risk for privacy financial and Health Data this is bad for everyone consumers and manufacturers alike but we've never had any sort of standard for securing iot devices or letting buyers know you know how secure these devices are keysight welcomes this initiative to improve consumer cyber security we're here today because we're excited to announce our commitment to building a point-and-click turnkey certification Solution leveraging on our 20 years of security test expertise consumer iot manufacturers will be able to quickly spot and fix security gaps in their products and ultimately validate their security to achieve the new iot label thank you thank you very much for that we'll turn it over to Ms Burkhart of ioxt thank you for having me so my name is Grace burkhard I am the director of operations at ixt Alliance the global standard of iot security and the first and most established iot security platform in the world the ixt alliance is a group of Manufacturers oems industry alliances labs and government organizations dedicated to harmonizing best security practices and establishing testable standards our goal is to bring security upgradability and transparency to the market and directly into the hands of the consumers we are a global organization committed to one Noble Mission creating a safer connected world through the advancement of iot security today I am honored to share with you our unwavering support for the U.S cyber Trustmark program and
our deep commitment to ensuring the Safety and Security of iot devices as The Internet of Things becomes an Inseparable part of our daily lives we are witnessing a remarkable transformation in the way that we interact with technology from Smart Homes to medical devices and Industrial Equipment iot is shaping the future however this transformative power comes with our its own set of challenges particularly in ensuring the security and protection of these interconnected devices that's where the iot alliance steps in we have been diligently collaborating with the National Institute of Standards and technology in shaping nist IR 8425 or the U.S cyber Trustmark program our contributions have been driven by the shared vision of building a safer iot ecosystem for all I'm proud to announce that due to our unwavering dedication and alignment of goals the iot alliance expects to be one of the first scheme owners to license the Cyber Trustmark to our members and stakeholders this recognition reinforces our position as the global standard for iot security and demonstrates the trust placed in our certification program our certification program sets a baseline level of security and we take immense pride in ensuring that connected devices meet industry recognized security standards as we work in harmony with other prestigious organizations such as the consumer technology Association the FCC and more we are committed to providing consumers with greater transparency and confidence when making iot device purchases but our journey doesn't stop here we believe in a future where iot is synonymous with trust where every connected device offers a secure experience our Relentless pursuit of this Vision drives us forward each day and we are fully invested in empowering manufacturers and consumers alike in conclusion as we embrace the U.S cyber Trustmark and Forge ahead with our mission let us all unite in creating a safer connected world together with the collective efforts of Industry leaders stakeholders and government agencies we can build a future where iot thrives on the Bedrock of security privacy and Trust thank you thank you very much for those remarks so in order to manufacture a safer and more secure product what's inside really matters including circuit boards and ships so I'm pleased we have a few companies here that are focused on making secure components so with that I'd like to introduce Mr rostek of Infineon thank you very much I'm Thomas rostek president of the connected secure systems division at Infinity Technologies and I'm honored to be here thanks we design develop and manufacture a broad range of semiconductor and system solutions for smart Mobility Energy Efficiency and for secure connectivity security is part of infinians DNA for more than 30 years and also actually personally for me I'm 20 years in security and that's why I'm super excited to be here because sometimes it's not so easy to sell security that's why this event is really really close to my heart and I came all the way from Germany for today so thank you we do make chips that secure credit cards and contactless payments we are trusted partner to the US government as we deliver security technology into the U.S passport and additionally we obviously make trips for securing computers for securing connected vehicles and obviously devices for iot for the internet or things additionally to this we are also engaged worldwide in standardization bodies on the topic of security like the CSA which actually did a great job also in kind of facilitating this year security is a central part of iot actually it's a precondition and without Security iot will not work long time the convergence of real on the digital world demands for secure data storage data transfer and for secured digital identities today there are more than 3 billion iot devices in the US more than 17 billion globally and the number is supposed to double until the end of the decade which makes the today's announce announcement so Timely and every of those devices need to be secure like the candy machine in the bank consumers seek quality and security when buying the products the creation of this voluntary U.S cyber Trustmark will
enable the people to compare security of the products they buy and it will allow the consumers to speak with their wallets empowering American consumers to choose better security in their iot devices will be a game changer creating a drive for better security as the energy star has be has created a drive for better efficiency so it's a matter of trust to create as semiconductors are the backbone the starting point for security in a device that's why we are here today to also commit um to get our iot development boards I have one with me here certified under this new U.S national label program together with the already existing certifications that we have on many of our trips this will help our customers to create iot devices that are secure and are also being able to be certified under the U.S national label scheme so we congratulate the Biden Harris Administration for making this program a reality and thanks again for having me joining us we greatly appreciate that so now we'll turn it to Mr creveston of Koro good morning and thank you for the opportunity to join you today as we take this important step in securing The Internet of Things ecosystem and enhancing consumer confidence in the iot my name is Eric Krauss and I'm president of the connectivity and sensors business at corvo we're a North Carolina based semiconductor manufacturer focused on developing communication power and sensing solution for multiple markets such as mobile automotive defense and of course iot as members of the connectivity standards Alliance the car connectivity Consortium and the fear of Consortium corvo understands the high value of the consumers place in device standardization and security we enable highly reliable Wireless connectivity between smartphones and Wi-Fi networks and our Solutions are in many of today's iot devices these devices produce data typically from sensors process the data and transmit it to other iot devices primarily using system ship technology from companies like corvo our chips include protected unique identifiers together with security vaults and processors to guarantee the integrity and authenticity of information it's of utmost importance that the industry aligns on the proper and common practices to ensure iot devices and ensure they do not become a weakness in the security chain we invest heavily to ensure compliance of our Solutions with standards and interoperability access across our portfolio as we see security as a fundamental driver to the uptake of iot we know the promise of the iot smart home and connected car can never be fully realized unless consumers are confident their networks devices and personal information are truly secure we're proud to be here with many of our customers and Industry partners and the support of the labeling initiative the adoption of global standards and the resulting consumer confidence has been key to the growth and Rapid adoption of many of today's key Wireless Systems see the same opportunity for the iot and the labeling initiative as a key driver of consumer confidence we look forward to supporting our customers in this important industry initiative and are proud of the corvo place in keeping the it securely connected thank you very much and finally we'll turn it over to Mr Tibbetts of Qualcomm thank you so much and thank you I'd like to thank this distinguished panel for your leadership and your initiative it's really critical here my name is Nate Tibbetts I'm with Qualcomm Qualcomm is a leading Wireless technology innovator and the driving force behind 5G which is accelerating digital transformation across Industries and enabling novel connected Solutions we invent breakthrough technologies that connect devices and support countless services that consumers use and love to more than thirteen thousand Global ecosystem members and customers our iot chipsets enable devices that deliver safer Manufacturing Systems for workers smarter Logistics tracking and safety for drivers more sustainable City infrastructure for the citizens and seamless and secure virtual appointments for Physicians and their patients we help put the connected digital Edge in the hands of the people we Implement Advanced security tools in our chipsets to support reliable and secure iot applications today the White House's voluntary cyber trust label program supports American Industries expanded Reliance on iot and Secure Solutions and Qualcomm welcomes today's announcement stick thank you so we'll do our final transition to talk about educating the consumer The Shopper who's shopping online or in stores to know to as a prior speaker said make healthy choices so as we do that we'll turn to a video by Carnegie Mellon University on their nutrition facts style label for Consumer connected devices and how that might work [Music] let's say you're shopping for a smart thermostat for your connected home you would love to save energy and control your thermostat remotely but you have heard that iot products can be hacked over the internet and you're concerned about what data they collect in your home you go to your favorite electronics store and walk down the aisle where they sell Internet of Things products there are many smart thermostats to choose from you find four smart thermostats on the Shelf in your price range with the features you want you notice that three of them have a security and privacy label on the package while the fourth one does not you haven't seen Security in privacy labels before but think they might be quite useful you take a closer look at the three thermostats with labels the thermostats is voice activated it includes a microphone but you notice on the label that the audio is shared you also notice that the manufacturer provides security updates but you will have to apply them manually the other two thermostats also have microphones but do not share the data you get out your smartphone and scan the QR code to learn more about the privacy and security features of the second thermostat you learn that the audio is used to provide device functions which you are comfortable with but it is also used to collect data for advertising and it is stored in the cloud and identified form [Music] you scan the QR code of a third box and are happy to see that audio data is only used for device functions such as voice control and audio data never leaves your home thanks to the security and privacy information on the label you feel confident about your purchase decision you decide to tell your friends and family about the label one of your friends recalls your conversation and is now shopping online for a smart doorbell [Music] they pick a top rated doorbell and click on it they see the security and privacy label and check it out they are disappointed to see that this smart doorbell shares visual data from the camera and doesn't offer multi-factor Authentication they go back to the list of doorbells and pick the next one which is also highly rated [Music] this time they are pleased to see that the doorbell does not share data and it has a multi-factor authentication option they click on the label to get more details they are happy to see that audio and visual data is used only to provide device functions this smart doorbell meets all their needs so they put it in their shopping cart then they send you a text to thank you for telling them about the security and privacy later A Carnegie Mellon scilab over the past five years we have been doing research on how to help consumers find connected Smart Home Products that are secure and disclose clearly how personal data is collected shared and used we're conducting consumer studies to help us design comprehensive iot security and privacy labels that will best inform consumers [Music] thank you so that was a really great example of how details on consumer labels can help consumers make the right health or cyber security choices so I'm pleased to be joined here by Jenny Staley director of the cyber security and infrastructure Security Agency to describe cis's work on consumer education awesome thank you so much and it's such a pleasure to be here today with so many terrific Partners across industry Academia and across the federal government and I just want to say thanks especially to you to Jessica to Lori for just the groundbreaking work here you know the U.S cyber trust Mark represents a critical Advance toward a cyber ecosystem in which the technology tha
2023-07-24 05:25