In a move to bolster cybersecurity protections for American consumers, the Biden-Harris Administration announced on July 18, 2023, that it was launching the "US Cyber Trust Mark" program, a new voluntary certification and labeling initiative for smart devices.
Spearheaded by Federal Communications Commission (FCC) Chairwoman Jessica Rosenworcel, the program aims to enhance the cybersecurity of commonly used devices such as smart refrigerators, microwaves, televisions, climate control systems and fitness trackers.
The initiative has already obtained significant support from major electronics, appliance and consumer product manufacturers, as well as various retailers and trade associations. These include Amazon, Best Buy, Google, LG Electronics USA, Logitech and Samsung Electronics.
Under the proposed program, products meeting established cybersecurity criteria will feature a distinctive shield logo that will empower consumers to make informed decisions about the security of the devices they bring into their homes.
The criteria for certification are set to be based on cybersecurity guidelines published by the US National Institute of Standards and Technology (NIST), including strong default passwords, data protection, software updates and incident detection capabilities.
Using its authority to regulate wireless communication devices, the FCC will seek public input on the rollout of the voluntary cybersecurity labeling program, which is expected to be operational by 2024.
To further support transparency and competition, the FCC plans to incorporate QR codes linking to a national registry of certified devices, providing consumers with specific and comparable security information.
Proactive Pen Testing and Vulnerability Assessments
The program is also scheduled to be extended to cover consumer-grade routers—a high-risk product category—and may include smart meters and power inverters, essential components of the future smart grid.
The US Department of State said it will collaborate with allies and partners to promote international harmonization of standards and recognition of similar labeling efforts.
"This is a great initiative from the US that will significantly help consumers to recognize devices that are deemed safe by the government," commented William Wright, CEO of Closed Door Security.
"However, one caveat to the scheme is the prevalence of zero-day vulnerabilities that can be discovered in devices long after they are marketed to consumers."
According to the executive, this means that all vendors involved in the program must consistently conduct proactive penetration testing and vulnerability assessments on their devices, as well as ensure patches and updates can easily be applied when issues are discovered.
"After all, as the world has seen time and time again recently, what may be deemed safe today, is not a guarantee it will be safe tomorrow."
The unveiling of the US Cyber Trust Mark program comes days after the White House published a plan on July 13 for the implementation of its National Cybersecurity Strategy.