The White House and U.S. Federal Communications Commission (FCC) have unveiled a new cybersecurity certification and labeling program aimed at enhancing the security of connected devices.
With the increasing prevalence of internet-connected devices and the rising concerns over cyber threats, this initiative seeks to provide American consumers with an easier way to evaluate the security of these devices.
By implementing voluntary guidelines and labeling certified products, the U.S. Cyber Trust Mark program aims to address the lax security standards that have made smart devices attractive targets for hackers.
The U.S. Cyber Trust Mark program will cover a wide range of smart devices, including baby monitors, fitness trackers, and other popular targets for cybercriminals. By applying the program's shield logo to certified devices, consumers will be able to identify and choose products that meet the program's cybersecurity guidelines. The logo will also include a QR code, providing access to a registry of certified devices and valuable security information.
Drawing from established cybersecurity recommendations by the National Institute of Standards and Technology (NIST), the program will require manufacturers to adhere to certain guidelines. These guidelines include implementing unique and strong default passwords, ensuring data protection, providing regular software updates, and integrating incident detection capabilities.
The program's objectives align with those of the Energy Star labeling program, which promotes energy efficiency and is operated by the Environmental Protection Agency and the Department of Energy.
To further bolster security, the U.S. Cyber Trust Mark program will focus on developing specific cybersecurity requirements for consumer-grade routers—a frequent target for hackers.
Additionally, the Department of Energy will research and develop a cybersecurity labeling requirement for smart meters and power inverters, expanding the program's scope to critical infrastructure devices.
The initiative has garnered support from industry leaders and major retailers. Companies such as Amazon, Best Buy, Google, LG Electronics U.S.A., Logitech, and Samsung have already announced their commitment to the program, signaling the industry's recognition of the importance of cybersecurity for consumer devices.
While the U.S. Cyber Trust Mark program is set to launch in 2024, the FCC plans to seek public comment on the program before its implementation. The rulemaking process will also address potential liability for manufacturers failing to comply with the program's standards. This comprehensive approach not only emphasizes the significance of cybersecurity but also encourages active participation and accountability from manufacturers.
Through collaborative efforts and ongoing improvements, the U.S. is actively working toward a safer and more secure environment for the growing ecosystem of connected devices.
