In response to a constantly-evolving cyber threat landscape, the Biden Administration recently announced the launch of a new cybersecurity labeling program – the U.S. Cyber Trust Mark program – in an effort to enhance transparency and protection against cyber threats in the growing Internet of Things (“IoT”) device space.
This program is the first of its kind in the cybersecurity sector and builds upon the National Institute of Standards and Technology’s (“NIST”) recent efforts to develop criteria for such a program as called for in Executive Order 14028, Improving the Nation’s Cybersecurity. The labeling program currently is voluntary for IoT device manufacturers, but aims to create incentives for manufacturers to meet higher cybersecurity standards. Several major companies have already committed to participating in this program, as noted in the White House announcement.
The U.S. Cyber Trust Mark will appear on the packaging of eligible devices as a picture of a shield with a QR code that can be scanned to link users to a national registry of certified devices, which will contain up-to-date security information about the device.
This program proposal is described in a Notice of Proposed Rulemaking (“NPRM”) and, if adopted by the FCC, will be opened for a public comment period on the proposal. The FCC anticipates that this program could be implemented by late 2024. Once implemented, the Cybersecurity and Infrastructure Security Agency (“CISA”) will work with the FCC to encourage major U.S. retailers to prioritize products bearing the U.S. Cyber Trust Mark Label in the marketplace.
For more information on the U.S. Cyber Trust Mark, see our recent article on Sheppard Mullin’s Government Contracts Law Blog.
Putting it into practice: While this program is still in its preliminary stages, consumers and manufacturers can expect to see it move forward and provide momentum for similar labeling initiatives from other Federal agencies. Companies that manufacture smart devices may consider taking a detailed look at the security posture of their IoT products and consider participating in the program or other data security initiatives. The Sheppard Mullin team will continue to track updates to this program, as well as other Federal cybersecurity initiatives.