Announced last October, the US government formally launched this week its cyber-security certification and labelling programme to help Americans more easily choose smart devices that are safer and less vulnerable to cyber attacks.

The US Cyber Trust Mark programme proposed by Federal Communications Commission (FCC) chairwoman Jessica Rosenworcel should raise the bar for cyber security across common devices, including smart refrigerators, microwaves, televisions, climate control systems, fitness trackers and more.

Several major electronics, appliance and consumer product manufacturers, retailers and trade associations have made voluntary commitments to increase cyber security for the products they sell. Manufacturers and retailers announcing support and commitments this week to further the programme include Amazon, Best Buy, Google, LG Electronics, Logitech and Samsung.

Under the proposed programme, consumers will see a US Cyber Trust Mark in the form of a distinct shield logo applied to products meeting established cyber-security criteria. The goal of the programme is to provide tools for consumers to make informed decisions about the relative security of products they choose to bring into their homes.

Acting under its authorities to regulate wireless communication devices, the FCC is expected to seek public comment on rolling out the proposed voluntary cyber-security labelling programme, which is expected to be up and running in 2024. As proposed, the programme would leverage stakeholder-led efforts to certify and label products, based on specific cyber-security criteria published by the National Institute of Standards & Technology (Nist) that, for example, require unique and strong default passwords, data protection, software updates, and incident detection capabilities.

The FCC is applying to register a national trademark with the US Patent & Trademark Office that would be applied to products meeting the established cyber-security criteria. The government – including the Cybersecurity & Infrastructure Security Agency – will support the FCC in educating consumers to look for the new label when making purchasing decisions, and encouraging major US retailers to prioritise labelled products when placing them on the shelf and online.

The FCC plans to use a QR code linking to a national registry of certified devices to provide consumers with specific and comparable security information about these smart products. Working with other regulators and the US Department of Justice, the commission wants to establish oversight and enforcement safeguards to maintain trust and confidence in the programme.

Nist will also immediately undertake an effort to define cyber-security requirements for consumer-grade routers, a higher-risk type of product that, if compromised, can be used to eavesdrop, steal passwords and attack other devices and high value networks. Nist will complete this work by the end of 2023, to permit the commission to consider use of these requirements to expand the labelling programme to cover consumer grade routers.

The US Department of Energy has also announced a collaborative initiative with National Labs and industry partners to research and develop cyber-security labelling requirements for smart meters and power inverters, both essential components of a clean, smart grid.

Internationally, the US Department of State is committed to supporting the FCC to engage allies and partners towards harmonising standards and pursuing mutual recognition of similar labelling efforts.

This labelling programme should help provide Americans with greater assurances about the cyber security of the products they use and rely on in their everyday lives. It should also be beneficial for businesses, as it will help differentiate trustworthy products in the marketplace.

As part of the development of the programme, the government and FCC will continue to engage stakeholders, regulators and Congress to implement this programme and work together to keep Americans safe.

Participants in this announcement include Amazon, Best Buy, Carnegie Mellon University, CyLab, Cisco, Connectivity Standards Alliance, Consumer Reports, Consumer Technology Association, Google, Infineon, Information Technology Industry Council, IoXT, KeySight, LG Electronics, Logitech, OpenPolicy, Qorvo, Qualcomm, Samsung Electronics, Underwriters Laboratories, Yale and August US.

“Security is crucial for the IoT,” said Thomas Rosteck, president of connected secure systems at Infineon. “Without sufficient cyber security, there cannot be any IoT. As a leading provider of semiconductors for security and IoT devices, Infineon welcomes the step the US government has made and fully supports programmes to boost cyber security for the IoT. The US label is a significant milestone towards strong global cyber-security standards. We believe the implementation of this programme will empower consumers and further boost the adoption of IoT products in the USA and beyond.”

• See also: Keysight joins labelling initiative.