Staff report
Washington, D.C. – July 18, 2023
The Biden-Harris Administration has unveiled a new cybersecurity certification and labeling program aimed at safeguarding American consumers against cyberattacks on smart devices. The program, called the “U.S. Cyber Trust Mark,” will provide a clear indication of a product’s cybersecurity level, allowing consumers to make informed decisions about the devices they purchase.
Federal Communications Commission (FCC) Chairwoman Jessica Rosenworcel proposed the “U.S. Cyber Trust Mark” program, which seeks to enhance cybersecurity standards across a range of common devices such as smart refrigerators, microwaves, televisions, climate control systems, and fitness trackers. President Biden’s administration has prioritized the protection of hard-working families, taking significant steps to strengthen cyber protections, crack down on hidden fees, and safeguard privacy in homes.
Leading electronics, appliance, and consumer product manufacturers, as well as retailers and trade associations, have voluntarily committed to increasing cybersecurity measures for the products they sell. Major industry players such as Amazon, Best Buy, Google, LG Electronics U.S.A., Logitech, and Samsung Electronics have announced their support for the program and made commitments to further enhance cybersecurity.
Under the proposed program, products meeting established cybersecurity criteria would display a newly created “U.S. Cyber Trust Mark” in the form of a distinct shield logo. This labeling aims to empower consumers to make informed decisions regarding the security of the devices they bring into their homes.
The FCC, exercising its authority over wireless communication devices, is expected to solicit public input on the proposed voluntary cybersecurity labeling program, with an anticipated launch in 2024. The program will rely on stakeholder-led efforts to certify and label products based on specific cybersecurity criteria outlined by the National Institute of Standards and Technology (NIST). These criteria include requirements for unique and robust default passwords, data protection, software updates, and incident detection capabilities.
The FCC is currently applying to register a national trademark with the U.S. Patent and Trademark Office for products meeting the established cybersecurity criteria. The administration, including the Cybersecurity and Infrastructure Security Agency, will collaborate with the FCC to educate consumers about the new label and encourage major U.S. retailers to prioritize labeled products both in-store and online.
To promote transparency and competition, the FCC plans to incorporate a QR code on labeled products, which will link to a national registry providing consumers with specific and comparable security information. The commission, in coordination with other regulators and the U.S. Department of Justice, intends to establish oversight and enforcement measures to maintain trust and confidence in the program.
Additionally, the NIST will define cybersecurity requirements for consumer-grade routers, a high-risk product that, if compromised, can be exploited for eavesdropping, password theft, and attacking other devices and networks. Completion of this work is expected by the end of 2023, allowing the FCC to consider expanding the labeling program to include consumer-grade routers.
In a related announcement, the U.S. Department of Energy revealed a collaborative initiative with National Labs and industry partners to develop cybersecurity labeling requirements for smart meters and power inverters. These components play a crucial role in the clean, smart grid of the future.
On an international level, the U.S. Department of State commits to supporting the FCC in engaging allies and partners to align standards and pursue mutual recognition of similar labeling efforts.
The introduction of the cybersecurity labeling program aims to provide Americans with greater assurance about the security of the smart devices they rely on in their daily lives. Moreover, it will serve as a valuable tool for businesses to differentiate trustworthy products in the marketplace.
The Biden-Harris Administration and the FCC will continue engaging stakeholders, regulators, and Congress to fully implement the program and collaborate in ensuring the safety of the American public.
Notable participants in today’s announcement include Amazon, Best Buy, Carnegie Mellon University, CyLab, Cisco Systems, Connectivity Standards Alliance, Consumer Reports, Consumer Technology Association, Google, Infineon, Information Technology Industry Council, IoXT, KeySight, LG Electronics U.S.A., Logitech, OpenPolicy, Qorvo, Qualcomm, Samsung Electronics, UL Solutions, Yale, and August U.S.
About the U.S. Cyber Trust Mark Program: The “U.S. Cyber Trust Mark” program is a voluntary cybersecurity certification and labeling initiative proposed by the Federal Communications Commission (FCC) to raise cybersecurity standards for smart devices. The program aims to empower consumers to make informed decisions about the security of the products they purchase and protect them from cyberattacks. The program involves major electronics and appliance manufacturers, retailers, and trade associations committed to enhancing cybersecurity measures.
