Enhancing Cybersecurity Labeling for Internet of Things (IoT) Devices: The U.S. Cyber Trust Mark Program

In an effort to provide consumers with better information regarding the cybersecurity of IoT products, the Biden Administration has introduced the U.S. Cyber Trust Mark Program. This initiative aims to increase transparency, promote competition, and incentivize manufacturers to meet higher cybersecurity standards.

Proposed by FCC Chairwoman Jessica Rosenworcel, the U.S. Cyber Trust Mark Program is a unique cybersecurity labeling initiative inspired by the Energy Star program. The program aims to address the growing threats faced by IoT devices, with over 1.5 billion attacks recorded in the first half of 2021 alone. It is projected that the number of connected IoT devices will surpass 25 billion by 2030.

The development of the program was initiated through President Biden’s Executive Order 14028, which tasked NIST with recommending requirements for a consumer IoT cybersecurity labeling program. NIST’s recommendations, titled “Recommended Criteria for Cybersecurity Labeling for Consumer IoT Products,” were published in February 2022.

The U.S. Cyber Trust Mark will be prominently displayed on packaging of eligible devices and will consist of a logo with a shield and the words “U.S. Cyber Trust Mark,” along with a QR code for continuous device security verification. By scanning the QR code, users will be directed to a national registry of certified devices, providing real-time cybersecurity information.

Currently, the Cyber Trust Mark program is outlined in a Notice of Proposed Rulemaking (NPRM), which defines the voluntary labeling program. The FCC plans to gather input from the public on various aspects, including program establishment, device scope, management, security standards, compliance demonstration, and consumer education. The program is expected to be implemented by late 2024.

Moving forward, other Federal agencies are expected to introduce similar initiatives. NIST will focus on defining cybersecurity requirements for consumer-grade routers, which are considered higher-risk products. The U.S. Department of Energy will collaborate with National Labs to develop labeling requirements for smart meters and power inverters, essential components of the smart grid. Additionally, the U.S. Department of State will work with international partners to align global standards and labeling efforts.

Leave a Reply

Your email address will not be published. Required fields are marked *