The Biden administration is set to launch a groundbreaking initiative, introducing a new cybersecurity label for smart devices that aims to bolster security standards and protect consumers from potential threats. Federal Communications Commission (FCC) Chair Jessica Rosenworcel revealed the label, called the US Cyber Trust Mark, during a press briefing. The Cyber Trust Mark will signify that devices bearing it meet stringent security criteria based on the National Institute of Standards and Technology (NIST) report.
The program, slated for implementation in 2024, will cover various connected devices commonly found in households, including smart refrigerators, microwaves, televisions, and climate control systems. However, the scope of the certification extends beyond conventional smart home automation, as it also includes “smart fitness trackers,” indicating the initiative’s ambition to safeguard a wide range of consumer devices.
Notably, the Cyber Trust label has garnered voluntary support from prominent electronics, appliance, and consumer product manufacturers, as well as retailers and trade associations. Heavyweights like Google, Samsung, Logitech, Amazon, Best Buy, and the Connectivity Standards Alliance (home of the Matter smart home standard) are among the entities supporting the program. The FCC, utilizing its authority to regulate wireless communication devices, is leading the charge in proposing the certification and labeling program. The FCC aims to enforce requirements for strong default passwords, data protection, software updates, and incident detection capabilities.
Similar to the Energy Star certification, the Cyber Trust label consists of two components: a logo displayed on the product’s packaging and a QR code that allows buyers to verify the device’s ongoing cybersecurity certification. By scanning the QR code with a smartphone, users can access detailed information about sensor data collection, data sharing, security updates, authentication methods, and more.
The initiative also emphasizes transparency and accountability for manufacturers. The FCC‘s plan calls for the disclosure of whether the device maker shares or sells user data, providing consumers with critical information to make informed decisions. To maintain the Cyber Trust label, smart home product manufacturers will be required to issue security patches as needed, promoting ongoing support and security updates.
While the specific intervals for recertifications are yet to be determined, a senior FCC official mentioned considering annual recertifications as the proposed label undergoes the rule-making process and gathers public input. Third-party labs, such as the Connectivity Standards Alliance and the Consumer Technology Association, are expected to handle the certification process, further reinforcing the program’s credibility.
The Cyber Trust labeling program comes at a time when the demand for secure smart devices is surging, as these devices become increasingly integrated into daily life. With this initiative, the Biden administration aims to drive the market towards building more secure products from the outset, incentivizing companies to prioritize robust security measures. The NIST report serves as a foundation for defining IoT products eligible for the Cyber Trust label, with network-connected devices containing sensors or actuators falling under this category.
The FCC is also addressing cybersecurity concerns related to consumer-grade routers, given the risks they pose to privacy and security in households. The NIST is actively working to establish cybersecurity requirements for these routers by the end of 2023, potentially expanding the labeling program’s coverage to encompass these critical networking devices.
Overall, the Cyber Trust Mark represents a significant step forward in enhancing the cybersecurity posture of smart devices, assuring consumers that their devices meet rigorous security standards and fostering a more secure and trustworthy ecosystem for the rapidly growing Internet of Things (IoT) market.