A top White House cybersecurity official said Thursday that the administration’s “U.S. Cyber Trust Mark” program is on track to be released by the end of 2024.
The White House unveiled its “U.S. Cyber Trust Mark” in July – a program that will label cyber-secure smart devices with a shield logo and help Americans more easily choose devices that are less vulnerable to cyberattacks.
The Federal Communications Commission (FCC) took the reins on the project and in August released a notice of proposed rulemaking, seeking feedback from the public on the voluntary cybersecurity labeling program. Anne Neuberger, the White House’s Deputy National Security Advisor for Cyber and Emerging Technology, said the feedback has been overwhelmingly positive.
“The Cyber Trust Mark program, by the end of 2024, there will be labels on products in stores for those products that meet the government’s security standard,” Neuberger said during the Aspen Security Forum in D.C. on Dec. 7. “Right now, we are on track.”
“The FCC got out its rule and it’s out for public comment. As the [FCC] chairwoman [Jessica Rosenworcel] will say, almost all the comments they got back were positive,” she added, “which was a very good experience for them.”
The U.S. Cyber Trust Mark logo will also feature a QR code that can provide more information on the smart products. Some of these common products include smart fitness trackers, baby monitors, refrigerators, microwaves, televisions, home thermostats, and more.
The program will label products based on cybersecurity criteria published by the National Institute of Standards and Technology, such as requiring unique and strong passwords, data protections, software updates, and incident detection capabilities.
The FCC’s program would be similar to the Energy Star program, which was created to help consumers identify energy-efficient appliances and encourage more companies to produce them in the marketplace – but for more cybersecure smart devices, Neuberger said during the forum.
“I think there’s real lessons from cybersecurity as we approach AI in that we waited far too long to put in place, for example, minimum cybersecurity protections for critical infrastructure,” Neuberger said. “And I think one of the reasons you saw in the AI executive order a very clear focus on approaching the safety and risks of deployment of AI in critical services, that was a lesson learned from our lessons in cybersecurity.”
“We said before artificial intelligence use is accelerated across critical services, we need to put in place real controls for how it’s tested, how what kind of decisions where there’s a human in the loop, the explainability of those uses, because of that,” she added. “So, the goal of the Cyber Trust Mark program is to say there are billions and billions of connected devices, actually four times more than any internet connected individuals today. How do we incentivize companies building fitness monitors [and] home alarm systems to build them secure?”
Using AI in Intel Realm, While Managing its Cyber Risks
Neuberger explained during the Aspen Security Forum that AI will be a critical asset in the intelligence realm, but also that ensuring adversaries don’t exploit these tools first will be key.
Specifically, the White House cyber lead explained that leveraging AI to create intelligence decisions in real time will be critical.
“Two of the toughest problems we have in the intelligence community is making sense of vast amounts of data that’s collected. And the second piece, making vast amounts of intelligence reports that are generated available, summarized, and accessible to those who can use it quickly and effectively during decision,” Neuberger said. “So, for example, on the on the second, think of a ChatGPT for tens of thousands of intelligence reports coming from each, whether it’s human collection, whether it’s signals intelligence, that’s available on the desktops of analysts or policymakers who can ask a question immediately.”
“Big components of that today are manual, big components of that take time to pull together. And the most satisfying work for people working in the communities is answering the question, so we can accelerate the time and automate that work, both to pull that work together as well as to make it available to a policymaker,” she added.
“There’s a flip side, which is we’re not the only ones who have access to that. So, ensuring that we also think about maintaining our lead and what it takes to not only be first, but also ensure that we can manage in a world where those kinds of what were traditionally advanced capabilities are available to a whole range of actors is a second really important area for focus and study,” Neuberger said.
