The U.S. government announced Tuesday that its long-awaited cybersecurity labeling program for consumer Internet-connected devices will begin in 2025.
The Biden administration first introduced the US Cyber Trust Mark in June 2023, saying the voluntary marking program would “raise the bar” for internet-connected devices, allowing Americans to make informed decisions about device security that they buy. While the initiative was originally scheduled to launch in late 2024, the White House has confirmed that the program will now be “open for business” this year.
No exact launch date was given, but the announcement says companies will “soon” be able to submit their products to one of 11 approved companies for testing to earn the label, with plans for certified products to hit store shelves. stores in 2025.
The voluntary Cyber Trust Mark program has been likened to the “Energy Star” initiative, a voluntary labeling program designed to identify and promote energy-efficient products. Similarly, the Cyber Trust Mark aims to improve the security of consumer internet-connected devices, including routers, home security cameras, smart speakers and baby monitors, which often ship with easy-to-guess default passwords and no promise of continuous security updates.
The White House said retailers including Best Buy and Amazon will mark products with the US Cyber Trust mark, which will take the form of a QR code that consumers can scan for security details in the product’s cyberspace, such as the support period for the product and whether security updates are installed automatically.
In a call with reporters on Tuesday that TechCrunch participated in, US Deputy National Security Adviser for Cyberspace and Emerging Technology Anne Neuberger said the Biden administration has also finalized an executive order that would require the US government to only purchases products certified with the Cyber Trust Mark starting in 2027.
Products that receive the Cyber Trust Mark must adhere to a set of cybersecurity standards developed by the National Institute of Standards and Technology (NIST), including what the White House in 2023 described as “unique and strong default passwords, data protection, software updates, and event detection capabilities.”
The full set of standards has not yet been published, but NIST has begun work making recommendations for “high-risk” consumer-grade routers, which are often targeted by hackers.
Neuberger said the second phase of the Cyber Trust Mark will see the program aimed at improving the security of routers used and marketed for small offices and home offices. In recent years, these so-called SOHO routers have become an attractive target for botnet creators, who use the compromised internet bandwidth from the device to launch denial-of-service attacks. Neuberger did not say when the second phase of the initiative would begin.
Zack Whittaker contributed reporting.
