White House announced an initiative that allows Americans to identify devices that are less vulnerable to cyber attacks.
A new certification and labeling program would raise the bar for cybersecurity across smart devices such as refrigerators, microwaves, televisions, climate control systems and fitness trackers, the White House said in a statement.
Retailers and manufacturers will apply a U.S. Cyber Trust Mark logo to their devices and the program will be up and running in 2024.
The Federal Communications Commission will seek public comment before rolling out the labeling program and register a national trademark with the U.S. Patent and Trademark Office, the White House said.
In March, White House launched its cyber strategy that called on software makers and companies to take far greater responsibility to ensure that their systems cannot be hacked.
It accelerated efforts by agencies such as the Federal Bureau of Investigation and the Defense Department to disrupt activities of hackers and ransomware groups around the world.
Last week, Microsoft and U.S. official said Chinese state-linked hackers secretly accessed email accounts at around 25 organizations, including at least two U.S. government agencies, since May.
What’s U.S. Cyber Trust Mark program
U.S. Cyber Trust Mark program, proposed by Federal Communications Commission (FCC) Chairwoman Jessica Rosenworcel, aims to establish a certification and labeling system for smart devices, ensuring they meet stringent cybersecurity standards.
The U.S. Cyber Trust Mark program is designed to raise the bar for cybersecurity in commonly used devices such as smart refrigerators, microwaves, televisions, climate control systems, and fitness trackers.
Several prominent manufacturers, retailers, and trade associations have committed to strengthening cybersecurity measures for their products. Industry giants such as Amazon, Best Buy, Google, LG Electronics U.S.A., Logitech, and Samsung Electronics have shown support for the program and pledged to enhance cybersecurity in the devices they offer.
Under the proposed program, certified products meeting established cybersecurity criteria would feature a distinct U.S. Cyber Trust Mark shield logo. This visual indicator would allow consumers to easily identify products that adhere to robust cybersecurity standards, granting them greater peace of mind.
To implement the program effectively, the FCC, utilizing its wireless communication device regulatory authority, plans to seek public input on the voluntary cybersecurity labeling program. The goal is to launch the program by 2024, leveraging stakeholder-led efforts to certify and label products based on cybersecurity criteria set by the National Institute of Standards and Technology (NIST). These criteria may include requirements such as unique and strong default passwords, data protection measures, regular software updates, and incident detection capabilities.
Additionally, the FCC has applied to register a national trademark for the U.S. Cyber Trust Mark with the U.S. Patent and Trademark Office. The administration, including the Cybersecurity and Infrastructure Security Agency, will support the FCC in educating consumers about the new label and encouraging major retailers to prioritize labeled products in their inventory.
The FCC intends to incorporate a QR code on the labels to promote transparency and competition. This QR code will link to a national registry of certified devices, allowing consumers to access specific and comparable security information about the smart products they intend to purchase. The Commission plans to collaborate with other regulators and the U.S. Department of Justice to establish oversight and enforcement mechanisms to maintain trust and confidence in the program.
Moreover, the NIST will begin defining cybersecurity requirements for consumer-grade routers, which are considered higher-risk products that can compromise privacy and security if compromised. The NIST aims to complete this work by the end of 2023, potentially expanding the labeling program to include consumer-grade routers.
In parallel efforts, the U.S. Department of Energy has announced a collaborative initiative with National Labs and industry partners to develop cybersecurity labeling requirements for smart meters and power inverters. These components are vital for the future clean and smart grid, and the initiative will help ensure their cybersecurity.
On an international scale, the U.S. Department of State is committed to collaborating with the FCC to engage allies and partners in harmonizing standards and pursuing mutual recognition of similar labeling initiatives.
The introduction of the U.S. Cyber Trust Mark program represents a significant step in enhancing the cybersecurity of everyday smart devices. It provides consumers with increased confidence in the products they rely on, while also offering a competitive advantage to businesses that prioritize cybersecurity.
Participants include Amazon, Best Buy, Carnegie Mellon University, CyLab, Cisco Systems, Connectivity Standards Alliance, Consumer Reports, Consumer Technology Association, Google, Infineon, the Information Technology Industry Council, IoXT, KeySight, LG Electronics, Logitech, OpenPolicy, Qorvo, Qualcomm, Samsung Electronics, UL Solutions, Yale, and August U.S.