Consumer products to get 'Cyber Trust' marks in 2025, White House says

New cybersecurity labels will appear on consumer smart devices at some point this year, a White House official told reporters on Tuesday. 

The White House officially unveiled the U.S. Cyber Trust Mark this week after years of preparation, paving the way for consumers to know more about the cybersecurity protections on the devices they purchase. 

The voluntary program will allow companies manufacturing wireless interconnected smart products like baby monitors and security systems to undergo cybersecurity audits. The products would then have a distinct shield logo signifying that they meet federal cybersecurity standards. 

The label was approved in a bipartisan unanimous vote last March by the five Federal Communications Commission (FCC) commissioners, who authorized the program and adopted the final rules.  

Last month, the FCC approved 11 companies that will serve as Cybersecurity Label Administrators, including UL Solutions as the lead administrator. 

Anne Neuberger, deputy national security adviser for cyber, told reporters on Tuesday the White House plans to also release an executive order saying that beginning in 2027 the federal government will only buy devices that have the Cyber Trust Mark label on them. 

Neuberger explained that recent studies show most American households have about 21 connected or smart devices, ranging from water heaters to refrigerators and more.

“Each one of these devices presents a digital door that motivated cyber attackers are eager to enter,” she said, pointing to several security fiascos in recent years involving internet-connected devices. 

“We've seen other cases of criminals tapping into homes remotely and making those videos available collectively. We know Americans are afraid. Consumers don't have the confidence that they can connect a device at home and know that their private pictures and communications will be secure, so this program takes on that problem in a bipartisan and voluntary way.”

Both the U.S. and Europe have other kinds of labels for products that certify they will work appropriately and safely but nothing similar has been developed for cybersecurity, she said. 

This lack of certification has led to an environment where billions of devices are used in homes and businesses that do not have adequate cyber protections. U.S. law enforcement agencies have repeatedly taken down massive botnets that exploit the poor security protections of internet-connected devices. 

Internet of Things (IoT) devices have become frequent targets for hackers, particularly nation-states and criminals seeking to build powerful botnets that allow them to launch larger attacks. The FCC has previously cited third-party estimates that there were more than 1.5 billion attacks against IoT devices in the first six months of 2021 alone.

Comparing it to the EnergyStar efficiency label on many home appliances, Neuberger said the Cyber Trust Mark will “incentivize companies to build products securely against established security standards” and give consumers “an easy way to check if a home alarm system or baby monitor is cyber safe via a label.”

The program will test devices against established cybersecurity criteria from the U.S. National Institute of Standards and Technology. Some of what will be covered in the tests includes whether devices have default passwords that can be changed, if software updates are provided and how user data is protected both on the device and when it is sent to the cloud. 

Consumer Reports’ Justin Brookman noted that the mark will also inform consumers about how long a company plans to continue protecting devices with software updates. 

The Cybersecurity and Infrastructure Security Agency (CISA), FCC and regulators at the Department of Justice will designate oversight and enforcement standards.

The White House initially launched the effort in 2023 alongside major retailers like Amazon, Best Buy, Google, Logitech, and Samsung.

“Amazon supports the U.S. Cyber Trust Mark’s goal to strengthen consumer trust in connected devices. We believe consumers will value seeing the U.S. Cyber Trust Mark both on product packaging and while shopping online,” said Amazon vice president Steve Downer.

The White House said companies will soon be able to submit their products for testing to earn the label, and companies like Best Buy and Amazon will highlight labeled products. 

Neuberger said she hoped that at some point customers would demand products that had the label.