Endpoint Security,
Governance & Risk Management,
Internet of Things Security
FCC Lacks Leadership for Cyber Trust Mark Program Following UL Solutions’ Withdrawal
The Federal Communications Commission (FCC) recently faced a setback as UL Solutions, the organization originally appointed to lead its consumer cybersecurity labeling program, has stepped down. This decision has prompted concerns regarding the future viability of the U.S. Cyber Trust Mark program, which was designed to assist consumers in identifying secure Internet of Things (IoT) devices. Reports suggest that internal reviews raised alarms over potential foreign influence in the management of the program.
UL Solutions formally notified the FCC in late December of its withdrawal, effective immediately. The organization had described its contributions as foundational to the initiative, which aims to enhance cybersecurity measures across consumer IoT products. In a letter, Chanté Maurio, vice president and general manager of identity management and security at UL Solutions, expressed the organization’s commitment to supporting the FCC’s priorities, notably in ensuring consumer safety in IoT technologies.
In its letter of withdrawal, UL emphasized its efforts in convening stakeholders, developing technical and governance guidelines, and facilitating early-stage design for the program. However, the exit leaves the FCC without a designated entity to manage the daily operations of this voluntary labeling initiative, introduced about a year ago to improve transparency and accountability in the consumer IoT market.
While UL framed its departure as a natural transition, the timing raises eyebrows within governmental circles, particularly given that an internal national security review was initiated just months prior to their withdrawal. This review, ordered by FCC Chairman Brendan Carr, sought to investigate whether external entities posed risks to the integrity of a program intended to certify the cybersecurity credentials of consumer devices sold in the U.S.
The Cyber Trust Mark program emerged during the Biden administration in response to long-standing concerns regarding the security vulnerabilities of smart home devices. Past leadership noted that the initiative was a direct response to growing public apprehension over hackers gaining remote access to home security systems or exploiting unsecured devices for illicit purposes.
The FCC had tasked UL Solutions with developing specific IoT standards and testing protocols and established them as a liaison between the agency and Certifying Laboratories. At this point, it remains uncertain whether the FCC will appoint a new administrator to take over these responsibilities, and attempts to reach both the White House and UL Solutions for comments yielded no immediate responses.
