White House, FCC advance efforts to add security labels to connected devices

Smart devices have become a popular target for hackers due to lax industry security standards, something that the Biden program is hoping to turn around.
Google smart home devices were demonstrated during the Consumer Electronics Show in Las Vegas on Jan. 5. (Photo by Patrick T. Fallon/AFP/Getty Images)

The White House and the Federal Communications Commission on Tuesday announced a cybersecurity certification and labeling program designed to make it easier for Americans to evaluate the security of connected home devices.

The U.S. Cyber Trust Mark program will be applied to “smart” internet-connected devices ranging from baby monitors to fitness trackers that have become popular targets for hackers due to lax industry security standards, something that the Biden program is hoping to turn around.

“We see the risks adversaries pose, and we really understand the critical need to protect the devices we rely on,” said Anne Neuberger, deputy national security adviser for cyber and emerging technology.

Devices that meet the voluntary cybersecurity guidelines will be labeled with the program’s shield logo which will include a QR code linking to a registry of certified devices and security information about the programs.


The program will draw from the National Institute of Standards and Technology cybersecurity recommendations, including the requirement of unique and strong default passwords, data protection, software updates and incident detection capabilities. Officials noted that the program is similar to the Energy Star labeling program the Environmental Protection Agency and the Department of Energy operate to promote energy efficiency.

“The goal is to make this something that consumers look for in the marketplace and that product manufacturers want to use,” said FCC Chairwoman Jessica Rosenworcel.

As part of the program, NIST will also define specific cybersecurity requirements for consumer-grade routers, another frequent hacker target. The requirements are expected to be reported to the FCC by the end of the year. The Department of Energy will research and develop a cybersecurity labeling requirement for smart meters and power inverters.

The initiative was previewed in a workshop with industry leaders and government officials last fall, as first reported by CyberScoop. The White House initially said it expected to roll out its first set of standards for the program in spring 2023.

The FCC will seek public comment on the program, which is expected to launch in 2024. The rulemaking will explore what liability there might be for manufacturers participating in the program that fails to comply with the standards, a senior FCC official told reporters.


Manufacturers and retailers that have announced support of the program include Amazon, Best Buy, Google, LG Electronics U.S.A., Logitech and Samsung.

Tonya Riley

Written by Tonya Riley

Tonya Riley covers privacy, surveillance and cryptocurrency for CyberScoop News. She previously wrote the Cybersecurity 202 newsletter for The Washington Post and before that worked as a fellow at Mother Jones magazine. Her work has appeared in Wired, CNBC, Esquire and other outlets. She received a BA in history from Brown University. You can reach Tonya with sensitive tips on Signal at 202-643-0931. PR pitches to Signal will be ignored and should be sent via email.

Latest Podcasts