Executive Order 14028, issued in May of 2021, asked the National Institute of Standards and Technology (NIST) to “identify IoT cybersecurity criteria for a consumer labeling program,” as “the United States faces persistent and increasingly sophisticated malicious cyber campaigns that threaten the public sector, the private sector, and ultimately the American people’s security and privacy.” NIST fielded public comments regarding the criteria for such a program.
SPLICE PI Susan Landau provided comments (cited below) encouraging NIST to “provide a convening function to develop best practice principles for consumers of IoT devices” to make informed decisions about tradeoffs between “security and controllability, security and interoperability, security and usability, privacy and usability, etc.” and to increase the likelihood of success of a consumer labeling effort.
Landau, S. (2021). Tussles in IoT Space: Crucial Considerations for Consumer Devices. https://www.nist.gov/system/files/documents/2021/09/03/Tufts-NIST_IoT_Consumer_Workshop.pdf