"U.S. Cyber Trust Mark" Program Launches for Consumer Device Security
Initiative Announced by Biden Administration
The Biden-Harris administration announced on July 18, 2023, a significant step toward bolstering cybersecurity protections for American consumers, with the introduction of the "U.S. Cyber Trust Mark" program. This voluntary certification and labeling initiative for smart devices aims to enhance their cybersecurity robustness.
Spearheaded by Jessica Rosenworcel, Chairwoman of the Federal Communications Commission (FCC), the program will focus on commonly used devices including smart refrigerators, microwaves, televisions, climate control systems, and fitness trackers.
The initiative has gained substantial backing from leading electronics, appliance, and consumer product manufacturers such as Amazon, Best Buy, Google, LG Electronics USA, Logitech, and Samsung Electronics. It has also received support from various retailers and trade associations.
Under the proposed program, products that meet predetermined cybersecurity standards will bear a unique shield logo, empowering consumers to make knowledgeable decisions about the security of the devices they purchase.
The certification criteria will be founded on cybersecurity guidelines issued by the US National Institute of Standards and Technology (NIST). This will include strong default passwords, data protection, software updates, and incident detection capabilities.
The FCC, using its regulatory power over wireless communication devices, will seek public input on the introduction of the voluntary cybersecurity labeling program, which is expected to be operational by 2024.
For enhanced transparency and competition, the FCC plans to incorporate QR codes linked to a national registry of certified devices, providing consumers with precise and comparable security information.
The program also plans to extend its coverage to consumer-grade routers—a high-risk product category—and potentially include smart meters and power inverters, vital components of the future smart grid.
In its effort to promote international harmonization of standards, the US Department of State will collaborate with allies and partners to recognize similar labeling initiatives.
William Wright, CEO of Closed Door Security, was quoted by media reports commending the initiative, stating it will help consumers identify devices considered safe by the government. However, he warned about the prevalence of zero-day vulnerabilities that can be discovered in devices long after they have been marketed.
According to Wright, this necessitates all vendors involved in the program to conduct proactive penetration testing and vulnerability assessments on their devices regularly. They must also ensure patches and updates can be easily applied when issues are found.
The unveiling of the U.S. Cyber Trust Mark program follows the White House's release of a plan for implementing its National Cybersecurity Strategy earlier in July.