Consumer smart devices will soon display new cybersecurity certification labels, according to a White House spokesperson’s announcement on Tuesday.
Following extensive development, the White House has officially launched the U.S. Cyber Trust Mark program, designed to enhance transparency regarding cybersecurity features in consumer devices.
Under this optional certification scheme, manufacturers of internet-connected smart devices, including everything from baby monitors to home security systems, can subject their products to cybersecurity evaluations. Successfully certified products will display a distinctive shield emblem, indicating compliance with federal cybersecurity requirements.
The initiative received unanimous bipartisan endorsement from the Federal Communications Commission’s (FCC) five commissioners in March, who authorized the program and established its regulatory framework.
Recently, the FCC granted approval to 11 organizations to serve as Cybersecurity Label Administrators, with UL Solutions designated as the primary administrator.
During Tuesday’s press briefing, Anne Neuberger, deputy national security adviser for cyber, revealed plans for an executive order mandating that federal agencies exclusively purchase Cyber Trust Mark certified devices starting in 2027.
Neuberger highlighted research indicating that typical American households now contain approximately 21 connected or smart devices, encompassing various appliances from water heaters to smart refrigerators.
“These connected devices represent potential security vulnerabilities that cybercriminals actively seek to exploit,” she explained, referencing several notable security breaches involving IoT devices in recent years.
“We’ve witnessed instances where criminals have gained unauthorized access to home systems, sharing captured footage publicly. This has created widespread concern. Many consumers lack confidence in connecting devices at home, worried about the security of their personal data and communications. This bipartisan, voluntary program addresses these concerns directly.”
She noted that while both the U.S. and European markets have existing certification systems for product functionality and safety, no comparable standard exists for cybersecurity.
This certification gap has resulted in widespread deployment of billions of devices in residential and commercial settings without adequate cybersecurity measures. Law enforcement agencies in the United States have frequently been forced to dismantle extensive botnets that exploit these security vulnerabilities in internet-connected devices.
IoT devices have increasingly become prime targets for malicious actors, particularly nation-state groups and cybercriminal organizations looking to establish powerful botnets for launching large-scale cyber attacks. According to FCC-cited third-party research, IoT devices faced over 1.5 billion attack attempts during just the first half of 2021.
Drawing a parallel to the familiar EnergyStar efficiency ratings found on household appliances, Neuberger explained that the Cyber Trust Mark program will serve two key purposes: encouraging manufacturers to develop products with robust security features aligned with established standards, while providing consumers with an easily recognizable indicator of cybersecurity for devices like home security systems and baby monitors.
Device certification will involve testing against comprehensive cybersecurity criteria established by the National Institute of Standards and Technology. Key assessment areas include the ability to modify default passwords, availability of software updates, and security measures protecting user data both on the device and during cloud transmission.
Justin Brookman from Consumer Reports emphasized that the certification will also provide transparency regarding manufacturers’ commitment to long-term device security through ongoing software updates.
Oversight and enforcement protocols for the program will be jointly established by CISA, the FCC, and Department of Justice regulators.
The initiative, which the White House introduced in 2023, has garnered support from major retail and technology companies including Amazon, Best Buy, Google, Logitech, and Samsung.
Steve Downer, Amazon’s vice president, expressed support for the program, stating, “Amazon endorses the U.S. Cyber Trust Mark’s mission to enhance consumer confidence in connected devices. We believe shoppers will appreciate seeing the U.S. Cyber Trust Mark both on physical packaging and during online shopping.”
According to White House officials, manufacturers can soon begin submitting their products for certification testing, with major retailers like Amazon and Best Buy committed to featuring certified products prominently.
Neuberger expressed optimism about the program’s future impact, hoping to see consumers actively seeking products bearing the certification label.
