White House announces new program to designate cyber-secure IoT devices
The Biden administration announced its Cyber Trust Mark labeling program to ensure commercial smart home devices have sufficient cybersecurity tech in place.
The Biden administration unveiled new steps Tuesday to ensure that interconnected devices and operating systems are adequately secured with a new Cyber Trust Mark program.
Taking coordinated action with the Federal Communications Commission and participating private sector companies, the Cyber Trust Mark is a labeling program that aims to help U.S. consumers ensure that the product they purchase is guaranteed to be built with a sufficient level of cybersecurity.
Anne Neuberger, the deputy national security adviser for cyber and emerging technology at the National Security Council, told reporters on a Monday call that the administration’s move follows the evolution of interconnected devices and the sensitive data they handle.
“We now routinely rely on internet and Bluetooth-enabled devices for tasks as basic as adjusting our thermostats and as complex as securing our homes while we're away,” she said. “Poorly secured products can enable attackers to gain foothold in American homes and offices and steal data or cause disruption, and, in fact, recent vulnerabilities in these devices have shown just how easily a bad actor can exploit these devices to deploy botnets and conduct surveillance.”
The ubiquitous nature of these smart systems has elevated the need for the U.S. to better fortify its cybersecurity posture. Neuberger said that the Cyber Trust Program will help consumers make informed choices about the cybersecurity products they buy and will work with companies like Google, Best Buy, Logitech, Amazon and Samsung to both ensure inherent cybersecurity and help communicate which devices are secure.
“[The Cyber Trust Mark] will allow Americans to confidently identify which internet and Bluetooth-connected devices are cybersecure,” she said.
A senior administration official also confirmed that the label will include a QR code that details recent product information.
Some of the impacted products include fitness trackers, baby monitors and home thermostats. The products that pass the Cyber Trust Mark standards will bear a label designating them as guaranteed secure.
The program is slated to be launched by late 2024 at online and in-person retailers. It is a voluntary program that offers a seal of government approval and can apply to new and existing devices.
The determination of how to evaluate these products for government approval is still undergoing review. A public comment period is planned to open in the near future to help inform the rules to develop criteria for establishing third-party administrators in the Cyber Trust Mark program.
The administration is also working with the Department of Justice to develop liability protocols for manufacturers working with the Cyber Trust labeling program.
This new initiative is President Joe Biden’s latest step in both enlisting more private sector companies to take part in upgrading the country’s cybersecurity landscape as well as shifting the burden of cybersecurity responsibility from consumers to technology manufacturers.