Home smart devices, including door cams, TVs, speakers, and appliances, may soon be sold by Amazon, Best Buy, and Google with a "hacker-safe" label.

• The Cyber Trust Mark program of the FCC, which has not yet been officially launched, aims to safeguard personal smart devices and has received pledges from Amazon, Best Buy, and Google.
• Consumers can obtain detailed, up-to-date security information about their smart devices by scanning a QR code on a 'U.S. Cyber Trust Mark' shield logo emblazoned on these devices.
• The program is mandatory, and includes only smartphones, personal computers, routers, cars, and internet-connected medical devices.

In the shopping process, consumers are familiar with various labels and certifications on products, such as Energy Star and sustainability standards. Now, shoppers should anticipate a new seal of approval for home gadgets and appliances from the federal government that focuses on hacking safety.

In July 2021, the Biden administration and the Federal Communications Commission suggested the establishment of the U.S. Cyber Trust Mark program, a labeling initiative aimed at assisting consumers in selecting internet-connected devices that have been certified by manufacturers as secure from hackers, scammers, and other cyber criminals.

The proposed program will mandate that manufacturers of smart IoT devices, such as doorbell cameras, voice-activated speakers, baby monitors, TVs, kitchen appliances, thermostats, and fitness trackers, adhere to a set of cybersecurity standards established by the NIST. These standards will require manufacturers to implement unique passwords, data protection, software patches and updates, and incident detection capabilities.

The FDA regulates smartphones, personal computers, routers, and certain internet-connected medical devices, such as smart thermometers and CPAP machines. However, motor vehicles and the data stored in them are not included in the program and are overseen by the National Highway Traffic Safety Administration. Data privacy concerns have been rising in this area.

The FTC will oversee and enforce public-private collaboration, with approved third-party label administrators managing product applications, label authorization, consumer education, and compliance testing handled by accredited labs.

The Cyber Trust Mark, emblazoned with a QR code, will be displayed on packaging for products that meet specific criteria, providing consumers with detailed, up-to-date security information about their devices when scanned on a smartphone. This will assist consumers in making more informed purchasing decisions about device privacy and security, as stated by FCC chairwoman Jessica Rosenworcel.

The program has been committed to by Amazon, Best Buy, Google, LG Electronics U.S.A., Logitech, and Samsung Electronics, but none of these companies have yet utilized the symbol.

Holiday season labeling is goal, but an unlikely one

The FCC approved the program in March with the goal of launching it later this year. During a cybersecurity panel discussion at Auburn University's McCrary Institute in May, Nicholas Leiserson, the White House's assistant national cyber director for cyber policy and programs, stated, "By the holiday season, you should start to see devices with the Cyber Trust Mark on it."

Although the administration aims to release products with the symbol, consumers should not anticipate seeing them until early next year at the earliest. The FCC spokesperson did not provide any specific dates regarding the launch timeline in an email.

"The spokesperson stated that the program is currently undergoing the standard intergovernmental review process before being launched. Once the process is complete, the next steps will be communicated publicly."

David Grossman, vice president of policy and regulatory affairs for the Consumer Technology Association, stated that manufacturers are waiting for clear guidelines before they can receive certification for the Trust Mark. Once certified, manufacturers will need to adjust their packaging and ship updated products to retailers, he added.

70 million U.S. homes actively using smart devices

As the specifics of the program are being finalized, it's important to consider the reasons why consumers require the protection it will offer. According to research by Statista, in 2024, approximately 70 million homes in the U.S. are already using smart devices, which is an increase of over 10% from the previous year. This number is predicted to reach 100 million homes by 2028. Furthermore, the average U.S. household has around 25 connected devices.

Nearly 75% of U.S. households with internet service are concerned about the security of their personal data, while 54% have experienced a data privacy or security issue in the past 12 months, an increase of 50% over five years.

The Cyber Trust Mark program was announced at a White House meeting attended by staffers from Consumer Reports. Following the meeting, the organization conducted an American Experiences Survey to gather information about the program and the types of data-protection information consumers desire before purchasing a smart device.

Two-thirds of those surveyed (69%) believe it is very important to know who their data is shared or sold to, with 92% saying it is either very or somewhat important. Three out of four respondents believe manufacturers should provide privacy and security information to consumers, while only 8% think the government is responsible.

"Stacey Higginbotham, a cybersecurity expert and writer for Consumer Reports, emphasized the importance of establishing a standard for IoT devices that is easily understandable to consumers. According to her, the current lack of regulation in this area has resulted in a Wild West scenario, which is not ideal for consumers. Higginbotham stated that consumers are concerned about having access to this information, which is why a program is necessary to address this issue."

The proposed program's broad scope necessitates stricter cybersecurity measures, not just for devices, internet services, and cloud networks where personal data is stored, according to Higginbotham. She was pleased that it also includes a guaranteed support timeframe, specifying the number of years that a product manufacturer will provide software security updates and patches.

A voluntary program is business reality

Higginbotham expressed her desire for the program to be mandatory, but acknowledged that it will likely remain voluntary due to opposition from the business community, which frequently opposes government-imposed regulations.

"To participate, you must comply with the FCC's requirements. Manufacturers do not want the agency to control aspects such as the size and placement of the Cyber Trust Mark on packaging. The goal is to create a recognizable mark for consumers while allowing manufacturers some flexibility."

Grossman stated that if the final proposal is too prescriptive, companies may be hesitant to make a commitment.

Forescout Technologies CEO Barry Mainz is a supporter of the Cyber Trust Mark, stating that it is a positive step towards making it more difficult for hackers to access IoT devices. However, he is concerned about the millions of vulnerable devices already in use, and wonders about the responsibility of device manufacturers to address this issue. Mainz suggests that popular products, such as smart TVs and door locks, could be upgraded by their manufacturers as a goodwill measure to prevent hacking, allowing owners to ensure their safety without having to purchase new devices.

Steps to take now to protect your home internet

Before the Cyber Trust Mark program begins, consumers can take immediate steps to improve their cybersecurity. One crucial aspect to focus on is the routers that connect devices wirelessly. These routers often come with a default password that can be easily changed by hackers to spy on you or gain access to files on a network-attached hard drive. To enhance security, create a strong and unique password for the router and each connected device, and enable two-factor authentication if possible. If you have a guest network on the router, set it up with a separate password. Additionally, ensure that the router's software is up to date, either by activating the automatic update feature or checking the manufacturer's website for patches that can be downloaded and installed.

The Cyber Trust Mark can provide enhanced cybersecurity for consumers who use IoT technology and devices, keeping them one step ahead of potential threats.