
IoT Devices Security Certification Program by White House Activated

Federal authorities are drafting an executive order to restrict government procurement of connected devices that don't satisfy basic security standards established by the relevant program.


The Federal Communications Commission (FCC) has introduced the U.S. Cyber Trust Mark, a voluntary labeling program designed to enhance the cybersecurity of interconnected smart devices. The initiative aims to encourage manufacturers to prioritise security in their products, particularly for smart televisions, security camera systems, and voice-activated assistants.

The program operates similarly to the Energy Star program, which rates the energy efficiency of appliances. Eleven companies have been conditionally approved as cybersecurity label administrators by the FCC, with UL Solutions serving as the lead administrator.

To obtain the U.S. Cyber Trust Mark label, manufacturers must apply to an FCC-authorized labeling administrator, undergo a comprehensive cybersecurity evaluation based on National Institute of Standards and Technology (NIST) standards, and earn certification to display the label on compliant IoT smart devices.

The devices must meet a set of robust security controls as defined by NIST frameworks, ensuring security throughout the product lifecycle, including proper management of software updates, protection against default weak credentials, transparency about security support periods, and secure device design to prevent exploitation by attackers.

The program is intended to set high benchmarks that promote consumer trust and reduce vulnerabilities in IoT products. Retailers like Best Buy and Amazon will work with the program to highlight products with the Cyber Trust Mark label.

The White House is also working on an executive order that will limit federal purchasing to products that meet the standard under the U.S. Cyber Trust Mark program starting in 2027. The U.S. and European Union have an agreement to recognise trusted digital products within their respective markets.

The increasing use of connected products has raised concerns about exposing businesses and consumers to criminal and state-linked threats. The U.S. Cyber Trust Mark program is considered a key part of the Biden administration's national cybersecurity strategy.

Anne Neuberger, deputy national security advisor for cyber and emerging technologies at the White House, noted that each of these devices presents a potential digital door for cyberattackers. The program's implementation is conducted under strict national security oversight at the FCC, as there have been recent internal reviews to ensure the program does not introduce unforeseen risks.

According to a recent Deloitte study, the average U.S. household currently uses 21 connected devices. The FCC cited data showing 25 billion connected devices would be in use by 2030. The Cyber Trust Mark will inform consumers whether manufacturers will stand by their products with software updates and for how long.

In September, the FBI disrupted a botnet backed by a state-linked threat group called Flax Typhoon, which abused connected devices including storage devices and video recorders. Hackers have increasingly targeted end-of-life products, as they no longer receive bug fixes in their software updates. The Cyber Trust Mark program is aimed at protecting consumers from such risks.


  1. The U.S. Cyber Trust Mark program, similar to the Energy Star program, aims to rate the cybersecurity of interconnected smart devices, encouraging manufacturers to prioritize security in their products, such as smart televisions, security camera systems, and voice-activated assistants.
  2. To earn the U.S. Cyber Trust Mark label, manufacturers must apply to an FCC-authorized labeling administrator, undergo a comprehensive cybersecurity evaluation based on National Institute of Standards and Technology (NIST) standards, and meet a set of robust security controls as defined by NIST frameworks.
  3. The implementation of the U.S. Cyber Trust Mark program is conducted under strict national security oversight at the FCC, as it is considered a key part of the Biden administration's national cybersecurity strategy, aimed at reducing vulnerabilities in IoT products, promoting consumer trust, and protecting businesses and consumers from cyberattacks.
