In a significant move to bolster cybersecurity for consumer electronics, the Biden-Harris Administration has announced a new cybersecurity labeling program aimed at helping Americans choose smart devices that are safer and less susceptible to cyberattacks. The initiative, introduced on July 18, 2023, will see the introduction of a “U.S. Cyber Trust Mark,” a label that will be applied to products that meet stringent cybersecurity criteria.
Purpose and Implementation
The cybersecurity labeling program is designed to address the increasing vulnerability of smart devices to cyber threats. As the number of internet-enabled devices, commonly known as the Internet of Things (IoT), continues to rise, so does the risk of cyber intrusions. The new label aims to guide consumers in selecting products with robust security features, thereby enhancing their protection against potential cyberattacks.
Federal Communications Commission (FCC) Chairwoman Jessica Rosenworcel, who proposed the program, emphasized its voluntary nature, encouraging manufacturers to adopt the label to signify compliance with established cybersecurity standards. These standards, developed by the National Institute of Standards and Technology (NIST), include requirements for strong default passwords, data protection measures, regular software updates, and capabilities for detecting security breaches.
Industry Support and Expected Rollout
Major industry players such as Amazon, Google, LG Electronics, Samsung, and Logitech have expressed their support for the program. These companies are expected to implement the cybersecurity standards and display the U.S. Cyber Trust Mark on their qualifying products by 2024.
The program also includes provisions for a QR code on certified devices, allowing consumers to access a national registry of certified products and obtain detailed security information. This initiative aims to promote transparency and informed decision-making among consumers.
Regulatory and Educational Efforts
The FCC is currently seeking public comment on the proposed program and is working towards registering a national trademark for the Cyber Trust Mark. In parallel, the Cybersecurity and Infrastructure Security Agency (CISA) will assist in educating consumers about the importance of cybersecurity and the benefits of choosing labeled products.
To further enhance the program’s effectiveness, NIST will define specific cybersecurity requirements for high-risk devices like consumer-grade routers by the end of 2023. Additionally, the U.S. Department of Energy is collaborating with industry partners to develop cybersecurity standards for smart meters and power inverters, integral components of the future smart grid.
International Collaboration
The U.S. Department of State is actively engaging with international allies to harmonize standards and pursue mutual recognition of similar labeling efforts globally. This international cooperation aims to create a cohesive and universally accepted cybersecurity standard for smart devices.
The new cybersecurity labeling program represents a proactive step towards securing the growing number of smart devices in American homes. By providing a clear and trustworthy indicator of a product’s cybersecurity posture, the U.S. Cyber Trust Mark will empower consumers to make safer choices, ultimately enhancing their protection against cyber threats.
