The US Cyber Trust Mark Aims to Label Internet of Things Products Built with Security in Mind

The US Government has officially unveiled a labeling program, known as the US Cyber Trust Mark, which it hopes will ease consumer concerns regarding security, safety, and privacy surrounding smart home and other Internet of Things (IoT) devices.

Originally proposed by Jessica Rosenworcel, chair of the Federal Communications Commission (FCC), the US Cyber Trust Mark will apply to "common devices" ranging from fitness trackers and TV sets to climate control systems, refrigerators, and even microwaves — if they come with integrated IoT connectivity and the ability to link to a smart home network.

"Smart devices make our lives easier and more efficient — from allowing us to check who is at the front door when we're away to helping us keep tabs on our health, remotely adjust the thermostat to save energy, work from home more efficiently, and much more," Rosenworcel explains. "But increased interconnection also brings increased security and privacy risks.

"Today I am proposing that the FCC establish a new cybersecurity labeling program so that consumers will know when devices meet widely accepted security standards. This […] would raise awareness of cybersecurity by helping consumers make smart choices about the devices they bring into their homes, just like the Energy Star program did when it was created to bring attention to energy-efficient appliances and encourage more companies to produce them in the marketplace."

Entirely voluntary at its inception, the US Cyber Trust Mark will be applied only to devices from manufacturers which have agreed to ensure their products meet an agreed standard for security — something which even proponents of the IoT will admit has been somewhat lacking in the past, leading to the old saw that "the 'S' in 'IoT' stands for 'Security.'"

Companies which have confirmed participation in the program, which uses requirements set by the National Institute of Standards and Technologies (NIST) including unique default passwords and ongoing software updates, include Amazon, Google, LG Electronics, Logitech, and Samsung, along with retail giant Best Buy.

The mark itself will be protected as a trademark, the US Government has confirmed, and will include a QR code linked to a national certification registry. Separately, NIST has announced that it is beginning work on security requirements for consumer-grade network routers — with a schedule to have published a standard on the topic by the end of the year.

"This new labeling program would help provide Americans with greater assurances about the cybersecurity of the products they use and rely on in their everyday lives," the White House claims in a statement on the move, which won't see labels on products until some time next year. "It would also be beneficial for businesses, as it would help differentiate trustworthy products in the marketplace."

A preview of the mark, in a variety of colors, is available on the FCC website, but it will not be formally launched until the FCC has voted in its favor.