Watch more: https://youtu.be/OMXQMsKS0Xw
Today, the White House announced the launch of the U.S. Cyber Trust Mark program alongside the FCC. The U.S. Cyber Trust Mark will allow Americans to confidently identify which connected devices meet the U.S. Government’s cybersecurity requirements and are less vulnerable to cyberattacks.
The White House hosted an event today for the official launch of a national labeling system for consumer connected devices. OpenPolicy was among the organizations in attendance.
Dr. Amit Elazari, editor of the international ISO/IEC standard for IoT Security, and CEO and Co-Founder of OpenPolicy, attended the event alongside leading policymakers, agency directors, members of Congress, and CEOs of multi-national companies and Trade Associations.
OpenPolicy further convened leading start-ups and innovative security companies helping to protect the ecosystem from connected devices. These experts expressed their support and commitment to the effort and engaged with policymakers.
We released the following joint statement of support:
OpenPolicy Partners Statement in Support of the IoT Security Labeling Initiative
The launch of the IoT Security Label marks a pivotal step forward in our collective journey to raise the bar on product security and equip the ecosystem with better information on the security posture of devices and enterprises. It empowers users and businesses to take a more active role in their connected life and make better-informed decisions about their security and privacy.
This is a critical pillar marking the Administration’s long-standing commitment to the security of the ecosystem and the nation, building on a decade of product security initiatives such as NIST work on IoT security baselines (NISTIR 8259), the Executive Order on Improving the Nation’s Cybersecurity and the Federal IoT Cybersecurity Improvement Act, now in implementation.
We are supportive of, and encouraged by, the Administration’s recognition of the critical need to enhance the security measures in products and IoT, measurability and transparency of security of these devices, and user awareness and accountability of manufacturers in this domain.
As part of our longstanding partnership with the U.S. Government and public-private partnerships that elevate security, the following organizations are committed to supporting the IoT Security labeling initiative and the broader mission of protecting users, products and the nation.
We are doing so by taking the following actions:
Armis will work with the Administration as part of this effort to enhance the visibility and security posture of IoT devices deployed by the federal government, states, and enterprises and their alignment with the labeling scheme controls. Armis will continue to provide actionable asset visibility and threat intelligence on novel attack vectors for IoT/OT as part of its overarching mission to monitor the entire attack threat landscape. Armis will work with the administration and government partners, together with its ecosystem of partners, to inform future IoT security controls, measurability, innovations and processes that can elevate security.
Claroty will work with the Administration to provide situational awareness and expertise for the Extended Internet of Things (XIoT) across industrial and critical infrastructure sectors at the federal, state and local level. We aim to support goals of the labeling scheme and relevant security standards by providing insight into the risks associated with XIoT assets which, if compromised, could have significant real-world impact.
Cybeats will contribute to the Administration, the Scheme Owner and Relevant Government Partners’ technology solutions to support the measurability, assessment and enforcement of the features and controls required by the Label and product security more broadly, including by leveraging Software Bill of Materials (SBOMs) to enhance awareness and visibility into the current state of IoT devices and potential unmitigated vulnerabilities. Cybeats will share information on emerging threats (such as current state of devices deployed with known threats) and continue to work with fellow partners to develop standards and best practices for software and IoT security, and SBOM in particular in support of the label.
As a global leader in cybersecurity training and awareness, ThriveDX fully supports the Administration's commitment to product security and clear, publicly available information on the security posture of devices and enterprises. ThriveDX will continue to work closely with our government and academic partners to not only bring more diverse audiences into this conversation but skill the workforce of the future on IoT security and equip them with relevant training that will apply to the rollout of this national cybersecurity effort.
As part of Cybellum’s mission to keep the connected products we all rely on cyber secure, Cybellum will continue to support the administration to promote product security by contributing intelligence on new threats and cyber risks arising from consumer devices sectors such as automotive, medical, and banking. Cybellum will collaborate with the administration to explore pathways for the development and incorporation of automatic solutions for policy validation, within product security processes, to seamlessly validate the security posture of devices, generate compliance reports, and automatically validate policies, before and after such devices enter the market.
As part of its mission to provide organizations a true system of record for all digital infrastructure, Axonius will work with the Administration to provide visibility, context, and actionable asset intelligence. Axonius will continue to support its many government customers, the Administration, and partners to discover, monitor, and control hardware, software, identities, SaaS, cloud, and IoT/OT assets.
Mine, a leader in data and privacy risk management, will work with the Administration to increase the adoption of technology solutions to support the measurability, assessment, and enforcement of the Label controls for security, data protection, and product awareness. Mine will partner with the administration to explore additional novel solutions for users and enterprises to address holistic risks (AI, privacy, and security) stemming from IoT data collection and its usage by AI applications. Mine will further share expertise with the administration on data mapping and transparency solutions for IoT. It aims to empower users to better understand data collected by devices, exercise their privacy rights in IoT, and build trust between users and manufacturers.
BreachQuest, an emerging cyber startup focusing on innovative technology for incident reporting, is supportive of the Administration’s efforts and will work with the Administration to identify opportunities to increase the speed and scale of an incident response while reducing the time, cost, and effort of recovery time from a breach stemming from connected devices. BreachQuest will further share threat information, and work with the Administration and relevant agencies to continue to improve response, recovery, and resiliency across all devices in the ecosystem.
OpenPolicy CEO and Co-Founder Dr. Amit Elazari, Co-Editor of ISO/IEC 27402 (IoT baseline security measures), is committed to continuing to support global standardization and ecosystem efforts for creating technical standards in support of the Labeling Scheme and alignment of baseline security measures globally, including by supporting relevant convenings. OpenPolicy will also provide a relevant overview of global emerging product security regulations and standards, leveraging its technology.
OpenPolicy produced an animation and stakeholder video, which includes leading think tanks, and academic and industry voices, providing an overview of the initiative and explaining its importance, to be used broadly by all stakeholders. The animation will be provided under a Creative Commons license available for all to use.
OpenPolicy is committed to convening leading product security stakeholders, with a focus on innovators and startups, to support the Administration’s work on elevating the security of IoT and enabling a pipeline of future IoT security innovations.
More about OpenPolicy:
In a world where future regulation drives technology markets at scale, and only a select few lobby governments, OpenPolicy is the world’s first policy intelligence and engagement platform, unlocking future markets by connecting businesses of all sizes with policymakers globally, to drive advocacy more effectively.
OpenPolicy's goal is to democratize access to the most important market intelligence out there: future regulatory, government and policy action.
We believe that access to policy can be powered by technology and access to markets can be powered by policy.