The White House launched the U.S. Cyber Trust Mark on Tuesday, a voluntary labeling program to alert consumers about the security of interconnected smart devices in their homes and businesses.
The program was designed as a way to incentivize manufacturers to create more secure devices at the design and development stage, particularly given the increased use of connected products such as smart televisions, security camera systems and voice-activated assistants.
However, U.S. authorities have raised serious concerns in recent years that the widespread use of connected products is opening critical businesses and everyday American consumers up to criminal and state-linked threats, including botnets and other malicious actions.
A recent Deloitte study shows the average U.S. household currently uses 21 connected devices, Anne Neuberger, deputy national security advisor for cyber and emerging technologies at the White House, noted Tuesday during a media briefing.
While the products offer immense benefits, “each of these devices presents a digital door that motivated cyberattackers are eager to enter,” Neuberger told reporters during the conference call.
Neuberger said the White House is working on an executive order that will limit federal purchasing to products that meet the standard under the U.S. Cyber Trust Mark program starting in 2027.
“So we want to signal and prime the pump with our own, you know, major tech purchases of the U.S. government that this is the way we move the Internet of Things market to be more secure,” Neuberger said.
The U.S. Cyber Trust Mark program was passed by the Federal Communications Commission in a bipartisan, unanimous vote in 2024 and is considered a key part of the Biden administration’s national cybersecurity strategy.
The FCC cited data showing 25 billion connected devices would be in use by 2030. The agency also cited third-party reports showing 1.5 billion attacks were attempted against IoT devices during the first half of 2021.
The proliferation of devices expands the attack surface and creates fuel for potential botnets.
The FBI in September disrupted a botnet backed by a state-linked threat group called Flax Typhoon year that abused connected devices, including storage devices and video recorders, to launch cyber espionage attacks against thousands of targets.
How the program works
Cyber Trust Mark is designed to operate in a similar manner as the Energy Star program that was created to rate the energy efficiency of air conditioners, refrigerators, dishwashers and heat pumps.
Retailers like Best Buy and Amazon will work with the program to highlight products with the Cyber Trust Mark label. The U.S. and European Union also have an agreement to recognize trusted digital products within their respective markets.
The Cyber Trust Mark will also inform consumers whether manufacturers will stand by their products with software updates and for how long, according to Justin Brookman, director of technology policy at Consumer Reports. In recent years, hackers have increasingly targeted end-of-life products, because they no longer receive bug fixes in their software updates.
The FCC in December said 11 companies were conditionally approved as cybersecurity label administrators and UL Solutions will serve as lead administrator.
Manufacturers will be able to submit connected products for testing using criteria established by the National Institute of Standards and Technology. If the products meet or surpass security standards, they will get a U.S. Cyber Trust Mark approval.
