Let Cybersecurity Dive’s free newsletter keep you informed, straight from your inbox.
The White House is also working on an executive order to limit federal purchasing of connected products that meet the minimum security standards under the program.
The White House launched the U.S. Cyber Trust Mark on Tuesday, a voluntary labeling program to alert consumers about the security of interconnected smart devices in their homes and businesses.
The program was designed as a way to incentivize manufacturers to create more secure devices at the design and development stage, particularly given the increased use of connected products such as smart televisions, security camera systems and voice-activated assistants.
However, U.S. authorities have raised serious concerns in recent years that the widespread use of connected products is opening critical businesses and everyday American consumers up to criminal and state-linked threats, including botnets and other malicious actions.
A recent Deloitte study shows the average U.S. household currently uses 21 connected devices, Anne Neuberger, deputy national security advisor for cyber and emerging technologies at the White House, noted Tuesday during a media briefing.
While the products offer immense benefits, “each of these devices presents a digital door that motivated cyberattackers are eager to enter,” Neuberger told reporters during the conference call.
Neuberger said the White House is working on an executive order that will limit federal purchasing to products that meet the standard under the U.S. Cyber Trust Mark program starting in 2027.
“So we want to signal and prime the pump with our own, you know, major tech purchases of the U.S. government that this is the way we move the Internet of Things market to be more secure,” Neuberger said.
The U.S. Cyber Trust Mark program was passed by the Federal Communications Commission in a bipartisan, unanimous vote in 2024 and is considered a key part of the Biden administration’s national cybersecurity strategy.
The FCC cited data showing 25 billion connected devices would be in use by 2030. The agency also cited third-party reports showing 1.5 billion attacks were attempted against IoT devices during the first half of 2021.
The proliferation of devices expands the attack surface and creates fuel for potential botnets.
The FBI in September disrupted a botnet backed by a state-linked threat group called Flax Typhoon year that abused connected devices, including storage devices and video recorders, to launch cyber espionage attacks against thousands of targets.
How the program works
Cyber Trust Mark is designed to operate in a similar manner as the Energy Star program that was created to rate the energy efficiency of air conditioners, refrigerators, dishwashers and heat pumps.
Retailers like Best Buy and Amazon will work with the program to highlight products with the Cyber Trust Mark label. The U.S. and European Union also have an agreement to recognize trusted digital products within their respective markets.
The Cyber Trust Mark will also inform consumers whether manufacturers will stand by their products with software updates and for how long, according to Justin Brookman, director of technology policy at Consumer Reports. In recent years, hackers have increasingly targeted end-of-life products, because they no longer receive bug fixes in their software updates.
The FCC in December said 11 companies were conditionally approved as cybersecurity label administrators and UL Solutions will serve as lead administrator.
Manufacturers will be able to submit connected products for testing using criteria established by the National Institute of Standards and Technology. If the products meet or surpass security standards, they will get a U.S. Cyber Trust Mark approval.
Get the free daily newsletter read by industry experts
As attacks become more sophisticated and destructive, companies are struggling to find conclusive estimates of the financial impact of cyberattacks.
Experts expect new legal challenges against numerous agency cybersecurity requirements, including incident reporting mandates and rules governing critical infrastructure sectors.
Keep up with the story. Subscribe to the Cybersecurity Dive free daily newsletter
Subscribe to Cybersecurity Dive for top news, trends & analysis
Get the free daily newsletter read by industry experts
As attacks become more sophisticated and destructive, companies are struggling to find conclusive estimates of the financial impact of cyberattacks.
Experts expect new legal challenges against numerous agency cybersecurity requirements, including incident reporting mandates and rules governing critical infrastructure sectors.
The free newsletter covering the top industry headlines
About The Author
More Stories
Community Snapshot—May
From Refugee to Digital Leader: How Justin Is Helping to Connect Rhino Camp
The World Cup of Internet Resilience