The U.S. government announced Tuesday that its long-awaited cybersecurity labeling program for consumer Internet-connected devices will begin in 2025.
The Biden administration First US Cyber Trust Mark launched In June 2023, the voluntary labeling program was said to “raise the bar” for Internet-connected devices by enabling Americans to make informed decisions about the safety of the devices they buy. While the initiative was initially slated to launch in late 2024, the White House has confirmed that the program will now be “open for business” this year.
No exact launch date was given, but the announcement said companies will “soon” be able to submit their products to one of 11 companies approved for testing to earn the label, with plans for certified products to hit store shelves in 2025.
The voluntary CyberTrust Mark program has been compared to the “Energy Star” initiative, a voluntary labeling program designed to identify and promote energy-efficient products. Similarly, the Cyber Trust Mark aims to improve the security of consumer-grade Internet-connected devices, including routers, home security cameras, smart speakers and baby monitors, which often ship with easy-to-guess default passwords and no promises. Continuous security updates.
The White House said retailers including Best Buy and Amazon will highlight products that carry the US Cyber Trust Mark, which will take the form of a QR code that consumers can scan for details about the product's cybersecurity, such as support periods for products and automatic installation of security updates. whether
In a call with reporters on Tuesday, which was joined by TechCrunch, Annie Neuberger, US deputy national security adviser for cyber and emerging technologies, said the Biden administration is also finalizing an executive order that would require the US government to buy only products certified with the Cyber Trust Mark. Starting in 2027.
Products that receive the Cyber Trust Mark label must adhere to a set of cybersecurity standards developed by the National Institute of Standards and Technology (NIST), including what the White House describes as “unique and strong default passwords, data protection, software updates” by 2023. , and event detection capabilities.”
The full set of standards has not yet been published, but NIST has begun work Establish recommendations For “high risk” consumer-grade routers, which are often targeted by hackers.
Newberger said the second phase of the CyberTrust Mark program will aim to improve the security of routers used and marketed for small offices and home offices. In recent years, this has become an attractive target for so-called SOHO routers botnet Manufacturers, who use the hijacked internet bandwidth of the device to launch Denial-of-service attack. Neuberger did not say when the second phase of the initiative would begin.
Jack Whittaker contributed reporting.