Consumer IoT Devices: Get Ready for the US Cyber Trust Mark
American consumers have benefited in countless ways from Internet of Things (IoT) devices. Unfortunately, cyberattacks have sharply increased in recent years, often through vulnerabilities in IoT devices. In an effort to curb such attacks, the Biden-Harris administration proposed the creation of the US Cyber Trust Mark to help consumers identify products that are less vulnerable to cyberattacks.
The US Cyber Trust Mark will be a voluntary program under which conforming IoT products that meet certain cybersecurity criteria developed by the National Institute of Standards and Technology will be officially certified under a process adopted by the Federal Communications Commission (FCC). Certified products will be permitted to include the US Cyber Trust Mark logo on product packaging alongside a QR code. The QR code will link to a national registry of certified devices to provide consumers with specific and comparable security information about smart products.
The administration plans to educate consumers to look for the new label when buying products and has already started encouraging major US retailers to prioritize labeled products when placing them on the shelf and online. Leading electronics, appliance and consumer product manufacturers have already announced their support for the program.
The details of the US Cyber Trust Mark program are still being developed. Interested parties will have an opportunity to comment on specifics, like the criteria devices must meet to be certified and how the program will be enforced. Proposals are likely to include requirements for unique and strong default passwords, secured data transmissions, access controls, the ability to update software and incident detection capabilities. Also expected are requirements to give consumers the ability to set and change passwords and delete their data. Depending on the specific rules adopted, compliance with the new program could impose significant additional costs on product manufacturers.
The FCC will release a notice of proposed rulemaking (NPRM), which will contain specific proposals for the US Cyber Trust Mark program. Device creators, manufacturers, retailers, consumers and other interested parties will have an opportunity to comment on the proposals in the NPRM. After comments are received, the FCC will vote to adopt the new rules. The program is expected to be up and running in 2024.
For more information about the US Cyber Trust Mark program and the FCC’s proposed implementation, please reach out to one of the Cooley attorneys listed below.