July 18, 2023—The Biden-Harris Administration announced a cybersecurity certification and labeling program to help Americans more easily choose smart devices that are safer and less vulnerable to cyberattacks. The new “U.S. Cyber Trust Mark” program proposed by Federal Communications Commission (FCC) Chairwoman Jessica Rosenworcel would raise the bar for cybersecurity across common devices, including smart refrigerators, smart microwaves, smart televisions, smart climate control systems, smart fitness trackers, and more. This is the latest example of President Biden’s leadership on behalf of hard-working families—from cracking down on hidden junk fees to strengthening cyber protections and protecting the privacy of people in their own homes.
Several major electronics, appliance, and consumer product manufacturers, retailers, and trade associations have made voluntary commitments to increase cybersecurity for the products they sell. Manufacturers and retailers announcing support and commitments today to further the program include Amazon, Best Buy, Google, LG Electronics U.S.A., Logitech, and Samsung Electronics. Under the proposed new program, consumers would see a newly created “U.S. Cyber Trust Mark” in the form of a distinct shield logo applied to products meeting established cybersecurity criteria. The goal of the program is to provide tools for consumers to make informed decisions about the relative security of products they choose to bring into their homes.
Acting under its authorities to regulate wireless communication devices, the FCC is expected to seek public comment on rolling out the proposed voluntary cybersecurity labeling program, which is expected to be up and running in 2024. As proposed, the program would leverage stakeholder-led efforts to certify and label products based on specific cybersecurity criteria published by the National Institute of Standards and Technology (NIST) that, for example, require unique and strong default passwords, data protection, software updates, and incident detection capabilities.
Today, the FCC is applying to register a national trademark with the U.S. Patent and Trademark Office that would be applied to products meeting the established cybersecurity criteria. The Administration—including the Cybersecurity and Infrastructure Security Agency—would support the FCC in educating consumers to look for the new label when making purchasing decisions and encouraging major U.S. retailers to prioritize labeled products when placing them on the shelf and online.
To further enhance transparency and competition:
The FCC intends the use a QR code linking to a national registry of certified devices to provide consumers with specific and comparable security information about these smart products. Working with other regulators and the U.S. Department of Justice, the Commission plans to establish oversight and enforcement safeguards to maintain trust and confidence in the program.
NIST will also immediately undertake an effort to define cybersecurity requirements for consumer-grade routers—a higher-risk type of product that, if compromised, can be used to eavesdrop, steal passwords, and attack other devices and high-value networks. NIST will complete this work by the end of 2023 to permit the Commission to consider the use of these requirements to expand the labeling program to cover consumer-grade routers.
The U.S. Department of Energy today also announced a collaborative initiative with National Labs and industry partners to research and develop cybersecurity labeling requirements for smart meters and power inverters, both essential components of the clean, smart grid of the future.
Internationally, the U.S. Department of State is committed to supporting the FCC to engage allies and partners toward harmonizing standards and pursuing mutual recognition of similar labeling efforts.
This new labeling program would help provide Americans with greater assurance about the cybersecurity of the products they use and rely on in their everyday lives. It would also be beneficial for businesses, as it would help differentiate trustworthy products in the marketplace.
As part of the development of the program, the Biden-Harris Administration and FCC will continue to engage stakeholders, regulators, and Congress to fully implement this program and work together to keep Americans safe.
Participants in today’s announcement include Amazon, Best Buy, Carnegie Mellow University, CyLab, Cisco Systems, Connectivity Standards Alliance, Consumer Reports, Consumer Technology Association, Google, Infineon, the Information Technology Industry Council, IoXT, KeySight, LG Electronics U.S.A., Logitech, OpenPolicy, Qorvo, Qualcomm, Samsung Electronics, UL Solutions, Yale and August U.S.