The U.S. will begin rolling out a program to label certain internet-connected products as meeting a basic cybersecurity standard, a White House official said Tuesday.
Called the U.S. Cyber Trust Mark, the initiative is comparable to the “Energy Star“ program, and will label products like baby monitors, fitness trackers and security cameras that have passed a U.S. cybersecurity audit. Products that qualify can legally display the mark on advertising and packaging. The program does not apply to computers or smartphones.
In a call with reporters Tuesday about the program, Anne Neuberger, the White House’s deputy national security adviser for cybersecurity and emerging technology, said that she expects “there will be labeled products on the shelves in 2025.”
Internet of things devices — products ranging from Televisions to refrigerators that are connected to the internet — are frequently hacked, often without their owners even knowing it, and can be used to help power cybercriminal networks. In recent years, the FBI has occasionally gotten legal permission to boot malicious software from home routers that had been hacked in mass campaigns.
The Biden administration, which has seen multiple massive hacking campaigns aimed at Americans and the federal government, has introduced several cybersecurity regulations, but those have faced opposition from courts and businesses. The Cyber Trust Mark program is voluntary, and is designed to persuade the tech market to sell safer products.
“Americans buying home alarm systems and baby monitors need to know hackers can’t disable the alarm system remotely or hack in to watch their babies asleep. Companies need to have an incentive to bake security into products, and the U.S. government wants to give American consumers that confidence,” Neuberger said.
“We know consumers want secure devices. They don’t know how to ask for it. They don’t know how to assess it. So by giving this label, we feel consumers now can say, ‘I know how to get a secure device,’” she said.
Several large electronics retailers, including Best Buy and Amazon, have endorsed the move, according to a White House press release.
While no company can guarantee its devices will never be hacked, there is a wide range of protections that can be built into a product to make it a more difficult target. Companies looking to display the mark can petition to have their products audited by the National Institute of Standards and Technology, which will determine, for example, whether they should encourage customers to choose a strong password or automatically start with the same default password for every product.
The program is overseen by the Federal Communications Commission, which began designing it in 2023.
In its waning days, the Biden administration is also working to finalize an executive order forcing federal agencies to only use products that have qualified for the Cyber Trust Mark starting in 2027, Neuberger said.
