August 18, 2023
Government Launches Cybersecurity Labeling Program to Identify Trustworthy Products
A supplier says the U.S. Cyber Trust Mark program will force promo companies to pay more attention to the cybersecurity of the products they’re selling.
The Biden administration has announced it’s moving to implement a long-anticipated cybersecurity labeling program. When the new government-backed label, known as the “U.S. Cyber Trust Mark” is up and running in 2024, it will help Americans choose trustworthy tech products and protect against cybersecurity threats.
Internet of Things (IoT) devices, which include everything from fitness trackers to microwave ovens, have been considered generally lacking on cybersecurity. But with this new program announced on July 18, the National Institute of Standards and Technology (NIST) will implement standards for labeled products to guard against threats.
“This new labeling program would help provide Americans with greater assurances about the cybersecurity of the products they use and rely on in their everyday lives,” the White House said in a statement. “It would also be beneficial for businesses, as it would help differentiate trustworthy products in the marketplace.”
Major manufacturers and retailers like Amazon and Best Buy already announced their support and commitment to the program. Paul Hirsch, CEO of industry supplier Hirsch (asi/61005), said promo companies should do the same.
“With the rise in connected devices, people are now more at risk for data breaches than ever before,” Hirsch, who was recently promoted to the CEO role, told ASI Media. “Consumers need to be comfortable with the products they’re buying, and these new standards will allow that.”
While the full list of standards isn’t yet finalized, the White House said the criteria will require strong default passwords, data protection, software updates and incident detection capabilities. Hirsch, whose company offers a bevy of tech products and several dozen retail brands to the promo industry, said these new standards will force the promo industry to pay more attention to the products they’re selling. “While we aren’t selling directly to consumers,” he noted, “we still need to ensure that our end-users are receiving promotional products that won’t compromise their digital security.”
Hirsch added that retail brands will be the first group to adopt the new standards, and though just a few of Hirsch’s retail product lines include IoT devices, “those that do will have to be looked into as the new guidelines are released.”
“Consumers need to be comfortable with the products they’re buying, and these new standards will allow that.” Paul Hirsch, Hirsch
The launch of the program could be a year away, but the administration took the first steps as the Federal Communications Commission (FCC) applied for a trademark linked to the effort.
The FCC also intends to use a QR code linking to a national registry of certified devices so consumers can compare security information. “We knew that we didn’t want to create a label that said this product had been certified and secured and then stayed secure forever,” a senior administration official said to Tech Crunch. “The QR code will give you up-to-date information on the ongoing adherence to cybersecurity standards.”
The White House also announced other related efforts, including defining cybersecurity requirements for consumer-grade routers and a new initiative to research and develop cybersecurity labeling for power grid components such as smart meters and power inverters.