The U.S. government announced Tuesday that it will launch a long-awaited cybersecurity labeling program for consumer internet-connected devices in 2025.
The Biden administration first introduced the U.S. Cybertrust Mark in June 2023, a voluntary labeling program to help Americans make informed decisions about the security of the devices they purchase and connect them to the internet. He said it would “raise the bar” for devices. The initiative was originally scheduled to begin in late 2024, but the White House confirmed that the program would be “open for business” this year.
Although the exact launch date was not disclosed, the announcement said that companies will be able to submit their products “soon” to one of 11 companies approved for testing to obtain a label, and will be available in 2025. It is stated that certified products will be available in stores in 2020.
The voluntary Cyber Trust Mark program has been likened to the “Energy Star” initiative, a voluntary labeling program designed to identify and promote energy-efficient products. Similarly, the Cyber Trust Mark is intended to improve the security of consumer Internet-connected devices such as routers, home security cameras, smart speakers, and baby monitors, but these devices include easy-to-guess They often ship with default passwords, and there is no guarantee that the password will be guaranteed. Continuous security updates.
The White House said retailers including Best Buy and Amazon will highlight products bearing the U.S. Cybertrust mark. The mark takes the form of a QR code that consumers can scan to learn more about the product's cybersecurity, including support. Product duration and whether security updates are automatically installed.
In a call with reporters on Tuesday, which was also attended by TechCrunch, U.S. Vice President for National Security Advisor for Cyber and Emerging Technologies Ann Neuberger said the Biden administration will also only purchase products certified with the Cybertrust Mark. He said he was finalizing an executive order requiring the U.S. government to do so. It starts in 2027.
Products bearing the Cyber Trust Mark label must comply with a set of cybersecurity standards developed by the National Institute of Standards and Technology (NIST). This includes what the White House described as “unique and strong default passwords, data protection, and software updates” in 2023. , incident detection function. ”
Although the complete set of standards has not yet been published, NIST has begun work to establish recommendations for “high-risk” consumer-grade routers that are often targeted by hackers.
Neuberger said the second phase of CyberTrustmark will be a program aimed at improving the security of routers used and sold to small and home offices. In recent years, these so-called SOHO routers have become attractive targets for botnet creators who use the devices' hijacked Internet bandwidth to launch denial-of-service attacks. Neuberger did not say when the second phase of the initiative would begin.
Zack Whittaker contributed reporting.