White House Unveils Cybersecurity Strategy to Keep IoT Devices Safe

The Biden-Harris administration recently delivered its latest statement on the state of cybersecurity in the U.S., detailing several new initiatives to further the nation’s cybersecurity goals and “lock [its] digital doors.”

The strategy marks the first since the Trump administration’s 2018 iteration, which maintained similar goals to its predecessors in emphasizing strengthening critical infrastructure, collaboration with the private sector and securing government networks, though the Trump Administration also included a plan to ramp up offensive cyberoperations. On the latter point, the Biden-Harris plan differs, with the onus placed more on bolstering systems and clarifying regulations around cybersecurity.

The latest cybersecurity push includes a plan to roll out a labeling system for commonly used IoT products, rating each for its resilience to cybersecurity threats. The system will take inspiration from the Energy Start system currently in place to rank the energy efficiency of appliances and will begin by rating routers and home cameras, being the most commonly used and  “often most at-risk” devices by consumers. A meeting with stakeholders to set out the parameters of this new labeling system is expected in the near future.  

Hollie Hennessy, senior IoT cybersecurity analyst at Omdia, points to the importance of this new measure, with consumer IoT devices currently neglected in security regulations and systems. 

“Devices are riddled with vulnerabilities and, while there is development with standardization and guidelines globally, it’s still unclear for consumers whether a device is secure or not,” she said. “Given the fragmented standards, guidance and regulatory landscape globally, it will be interesting to see the route the U.S. takes with their labeling scheme, and how this crosses over and compliments other government schemes.”

The White House fact sheet also included plans to increase cybersecurity resilience and implement new regulations for the pipeline, rail and aviation sectors, as well as ensure all new infrastructure in the nation adheres to high data security requirements, such as EV charging stations. 

New investments in digital security are also planned to bring high-speed internet to underserved parts of the country, and the administration has launched a first-of-its-kind cybersecurity grant program providing $1 billion for state, local and territorial governments over four years to combat cyber threats to critical infrastructure.

The administration has also set up a new rapid response system at NATO to establish a line of communication between participants to offer support during cyber attacks. 

The news comes a year after widespread ransomware attacks hit the country, targeting health care providers and utilities, including the Colonial Pipeline. It also builds on the Administration’s National Security Strategy announced last week, in which cybersecurity formed a key part. 

“We’re investing in the technologies and industries of the future,” said National Security Advisor Jake Sullivan. “[But] our investments are only as good as the steps we take to protect them, which is why cybersecurity remains so central to the approach we are taking at the National Security Council and across our government.”

The news also comes as governments around the world are strengthening defense infrastructure in the midst of fluctuating geopolitical tensions.

“Recent geopolitical changes…are highlighting the real need to secure the nation’s infrastructure,” said Hennessy. “Aside from just a U.S.-focus, the announcement sheds light on the importance of collective intelligence – globally. Both the International Counter-Ransomware Initiative and establishing dialogue with allies and partners to support each other in response to incidents and coordination is a necessary step, especially given today’s geopolitical landscape.”