Now, A Label to Certify IoT Cybersecurity Compliance

Government certification now available for consumer products that meet U.S. cybersecurity standards

Spencer Chin, Senior Editor

July 28, 2023

3 Min Read
A government label certifying cybersecurity protection has been developed for IoT devices. Urupong/ iStock / Getty Images Plus/Via Getty Images

Growing cybersecurity threats pose a real danger to networks of all types including IoT, with users concerned about protecting their hardware and valuable data from hackers. Several years of government and industry efforts have resulted in a new label for IoT consumer products validating that meet ad acceptable level of cybersecurity protection.

Speaking in an interview with Design News, Steve Hanna, Distinguished Engineer for Infineon and active in helping to develop the labeling certification, says the label can be thought of as Energy Star compliance for cybersecurity. Hanna is active in the CSA (Connectivity Standards Alliance), an industry group formerly know as the Zigbee Alliance that was active in helping to support the labeling concept. CSA member companies include major IoT players such as Amazon, Google, Apple, Huawei, LG Electronics USA, Logitech, NXP Semiconductors, Schlage, and Yale, and Comcast.

As detailed in a White Paper from Hanna, mounting concerns over IoT cybersecurity have prompted both industry and government to take action. In May 2021, the Executive Order on Improving the Nation’s Cybersecurity mandated several changes to improve cybersecurity, which included NIST (National Institute of Standards and Technology) developing NISTIR 8425, a set of IoT cybersecurity standards for consumer IoT devices. In addition, NIST would develop a recommended set of criteria for cybersecurity labeling of consumer IoT devices.

Related:Why Are Manufacturers So Prone to Cyber Attacks?

Following NIST

The result is a National Label for Cybersecurity that will reward products meeting the requirements of NISTIR 8425, by permitting them to display a U.S. government label and be listed in a U.S. government registry indicating that their cybersecurity has been tested and certified as compliant with U.S. government standards.

Hanna said that the label will be optional for U.S. products. But there are efforts abroad to make such a certification mandatory. For instance, in the EU, a revision to the Radio Equipment Directive (RED) will require all devices with a radio to comply with certain IoT cybersecurity requirements in order to be sold in that region. The effective date for these requirements is now set at 2024 or 2025.

According to Hanna, the compliance testing to obtain the government label will be done by independent testing organizations selected by the government. While Hanna said no one has been selected yet, it is possible that testing labs now used to certify product compliance will get involved.

Outside of achieving official compliance, semiconductor and electronic suppliers have been bolstering the cybersecurity protection in their parts to make them less susceptible to hacking. Besides encryption, manufacturers such as Infineon offer hardware security devices that make it easier to implement security in IoT devices. 

Hanna also noted that because of constantly changing cybersecurity standards and an increase in threats, the label that products receive will have a QR code that users can scan to determine if the IoT cybersecurity compliance is still valid for a particular product.

Spencer Chin is a Senior Editor for Design News covering the electronics beat. He has many years of experience covering developments in components, semiconductors, subsystems, power, and other facets of electronics from both a business/supply-chain and technology perspective. He can be reached at [email protected].


About the Author(s)

Spencer Chin

Senior Editor, Design News

Spencer Chin is a Senior Editor for Design News, covering the electronics beat, which includes semiconductors, components, power, embedded systems, artificial intelligence, augmented and virtual reality, and other related subjects. He is always open to ideas for coverage. Spencer has spent many years covering electronics for brands including Electronic Products, Electronic Buyers News, EE Times, Power Electronics, and electronics360. You can reach him at [email protected] or follow him at @spencerchin.

Sign up for the Design News Daily newsletter.

You May Also Like