The Biden Administration has introduced the U.S. Cyber Trust Mark Program, a cybersecurity labeling initiative aimed at providing consumers with better insights into the cybersecurity of the Internet of Things (IoT) products they use.
The program is designed to increase transparency, encourage competition, and incentivize manufacturers to meet higher cybersecurity standards.
Proposed by FCC Chairwoman Jessica Rosenworcel, the U.S. Cyber Trust Mark Program is the first of its kind in the cybersecurity sector and is inspired by the Energy Star program, which promotes energy-efficient appliances.
The program addresses the growing cybersecurity threats affecting IoT devices, with more than 1.5 billion attacks recorded against IoT devices in the first half of 2021 alone.
The number of connected IoT devices is projected to reach over 25 billion by 2030.
Development of the program began with President Biden’s Executive Order 14028, which tasked NIST with recommending requirements for a consumer IoT cybersecurity labeling program.
NIST developed a profile of the IoT core baseline for consumer products, and its recommendations were published in February 2022 under the title “Recommended Criteria for Cybersecurity Labeling for Consumer IoT Products.”
The U.S. Cyber Trust Mark will be displayed on the packaging of eligible devices and will consist of two components: a logo with a shield and the words “U.S. Cyber Trust Mark,” and a QR code for continuous device security verification.
Scanning the QR code will link users to a national registry of certified devices, providing up-to-date cybersecurity information.
Currently, the Cyber Trust Mark program is outlined in a Notice of Proposed Rulemaking (NPRM), which defines the voluntary labeling program.
The FCC plans to seek public input on various aspects, including program establishment, device scope, management, security standards, compliance demonstration, and consumer education.
The FCC anticipates that the program could be implemented by late 2024.
In the future, similar initiatives are expected to be introduced by other Federal agencies.
NIST will focus on defining cybersecurity requirements for consumer-grade routers, which are considered higher-risk products.
The U.S. Department of Energy will collaborate with National Labs to develop labeling requirements for smart meters and power inverters, essential components of the smart grid.
Additionally, the U.S. Department of State will work with international partners to harmonize global standards and labeling efforts.