The Biden Administration recently announced the “U.S. Cyber Trust Mark” program, a cybersecurity certification and labeling program designed to help Americans more easily choose smart devices that are less vulnerable to cyberattacks.
Federal Communications Commission Chairwoman Jessica Rosenworcel proposed the U.S. Cyber Trust Mark program. It is expected to raise cybersecurity standards for many everyday Internet-connected devices such as smart refrigerators, microwaves, television, climate control systems and fitness trackers.
A number of major electronics, appliance and consumer product manufacturers, retailers and trade associations have voluntarily committed to increasing their products’ cybersecurity, according to the administration. Amazon, Best Buy, Google, LG Electronics U.S.A., Logitech, and Samsung Electronics are among the manufacturers and retailers who’ve announced their support and commitment to the program.
Under the proposed new program, customers would see a newly created “U.S. Cyber Trust Mark” in the form of a distinct shield logo applied to products meeting established cybersecurity criteria. The goal of the program is to provide tools for consumers to make informed decisions about the relative security of products they choose to bring into their homes.
As proposed, the program would leverage stakeholder-led efforts to certify and label products, based on specific cybersecurity criteria published by the National Institute of Standards and Technology (NIST) that, for example, requires unique and strong default passwords, data protection, software updates and incident detection capabilities.
To further enhance transparency and competition, the FCC plans to use a QR code linking to a national registry of certified devices to provide consumers with specific and comparable security information about these smart products.
“We knew that we didn’t want to create a label that said this product had been certified and secured and then stayed secure forever,” a senior administration official said during a call with reporters. “The QR code will give you up-to-date information on the ongoing adherence to cyber security standards.”
Additionally, the NIST will work to define cybersecurity requirements for consumer-grade routers — a higher-risk type of product that, if compromised, can be used to eavesdrop, steal passwords and attack other devices and high value networks. NIST will complete this work by the end of 2023, to permit the commission to consider use of these requirements to expand the labeling program to cover consumer-grade routers.
Meanwhile, the U.S. Department of Energy announced plans to collaborate with National Labs and industry partners to research and develop cybersecurity labeling requirements for smart meters and power inverters, which are considered to be essential components of the clean, smart grid of the future.
The U.S. Cyber Trust Mark program would help provide Americans with greater assurances about the cybersecurity of the products they use and rely on in their everyday lives, the administration said. It would also be beneficial for businesses, as it would help differentiate trustworthy products in the marketplace.