The Biden Administration is launching a new cybersecurity certification and labeling program for smart home devices designed to help Americans choose smart devices that are less vulnerable to cyberattacks.
The program, first proposed by Federal Communications Commission Chairwoman Jessica Rosenworcel, seeks to raise the bar for cybersecurity across several categories of smart home devices, including smart refrigerators, smart microwaves, smart TVs, smart climate control systems, smart fitness trackers ad more.
According to the Biden Administration, several major manufacturers, retailers and trade associations have already made voluntary commitments to increase cybersecurity for their smart home products, and manufacturers and retailers announcing their support and commitments today include Amazon, Best Buy, Google, LG, Logitech and Samsung.
As part of the new program, consumers will see a “U.S. Cyber Trust Mark” in the form of a distinct shield logo applied to products meeting established cybersecurity criteria, according to the White House. This is designed to help consumers make informed decisions about the security of products they choose to bring into their homes and connect to their home networks.
The FCC will soon begin seeking public comment on the proposed voluntary cybersecurity labeling program, which is expected to be up and running in 2024.
The proposed program would leverage stakeholder-led efforts to certify and label products, based on specific cybersecurity criteria published by the National Institute of Standards and Technology (NIST) that, for example, requires unique and strong default passwords, data protection, software updates, and incident detection capabilities.
Cyber Trust Mark the ‘Energy Star for Smart Home, IoT’ Cybersecurity
The program will essentially certify the security of devices for consumers, similar to how the Energy Star label is affixed to energy-efficient devices.
In support of the proposed program, the FCC is applying to register a national trademark with the U.S. Patent and Trademark Office that would be applied to products meeting the established cybersecurity criteria. The Administration—including the Cybersecurity and Infrastructure Security Agency—would support the FCC in educating consumers to look for the new label when making purchasing decisions, and encouraging major U.S. retailers to prioritize labeled products when placing them on the shelf and online, according to officials.
In speaking on the Cyber Trust Mark Program the FCC wants to use a QR code linking to a national registry of certified devices to provide consumers with specific and comparable security information about smart products. The FCC, in partnership with the U.S. Department of Justice and other regulators, wants to establish oversight and enforce safeguards to maintain trust and confidence in the program.
In addition, NIST will begin defining cybersecurity requirements for consumer-grade routers, which officials identify as a higher-risk type of product that can be compromised to eavesdrop, steal passwords and attack other devices and high-value networks. NIST will complete this work by the end of the year and will allow the Commission to consider the use of these new requirements to expand to consumer-grade routers.
The U.S. Department of Energy today also announced a collaborative initiative with National Labs and industry partners to research and develop cybersecurity labeling requirements for smart meters and power inverters, both essential components of the clean, smart grid of the future.
Internationally, the U.S. Department of State will support the FCC to engage allies and partners toward harmonizing standards and pursuing mutual recognition of similar labeling efforts.
As part of the development of the program, the Biden-Harris Administration and FCC will continue to engage stakeholders, regulators, and Congress to fully implement this program and work together to keep Americans safe, according to the White House.
Participants in the announcement include some of the largest and most notable manufacturers of smart home devices, as well as retailers, trade groups, researchers and more. The list includes Amazon, Best Buy, Carnegie Mellon University, CyLab, Cisco Systems, Connectivity Standards Alliance, Consumer Reports, Consumer Technology Association, Google, Infineon, the Information Technology Industry Council, IoXT, KeySight, LG Electronics U.S.A., Logitech, OpenPolicy, Qorvo, Qualcomm, Samsung Electronics, UL Solutions, Yale and August U.S.
In February of this year, the Connectivity Standards Alliance had announced its own data privacy group for smart home as a means of industry self-regulation and transparency over consumer data usage among smart home devices.
If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our digital newsletters!