By David DiMolfetta The top cyber official who served in former President Joe Biden’s White House is backing a federal device-labeling initiative she helped oversee after the Federal Communications Commission launched a national security review of the program’s alleged links to China. She argued that the effort is precisely designed to help limit Americans’ reliance on insecure Chinese-made smart devices.
Anne Neuberger, who was the deputy national security advisor for cybersecurity and emerging technology in the prior administration, disputed a probe launched by FCC Chairman Brendan Carr against the Cyber Trust Mark program, which is designed to certify consumer smart devices with a label that deems them cybersecure. The voluntary program officially launched early this year after months of development in the Biden administration.
Carr’s investigation, first reported last week by Fox News, centers on the lead administrator of the initiative, Underwriter Labs, which was selected in December. Carr directed an internal FCC national security body to “investigate certain worrying issues he has discovered” about UL and the other program administrators because of potential ties to China, Fox reported, citing an internal agency document.
The reported document says UL “has a joint venture in China with China National Import and Export Commodities Inspection Corp.” that will “be excluded from the FCC’s equipment authorization program” under rules recently adopted by the commission. The company “has 18 China-based testing locations” with three “particularly alarming” locations, the document says.
“China is a leading manufacturer of IoT devices, with a large percentage of the world’s connected devices coming from China. Americans use insecure Chinese devices in their homes, schools and offices every day, like Hikvision IP cameras, Huawei networking equipment and Xiaomi devices,” Neuberger told Nextgov/FCW.
“Cyber Trust Mark will change that status quo. It requires IoT devices to meet a [U.S. government] cybersecurity standard for the first time. It also gives American shoppers a label to check which devices have been tested. Underwriter Labs has testing sites around the world and could be required to only do testing outside China,” she argued.
“Using UL is the fastest and most effective way to change today’s insecure status quo, given it has consumers’ trust and a network of experienced labs who can start testing immediately to get secure IOT devices into Americans’ hands,” she said.
An FCC source told Fox the Cyber Trust Mark was rushed under the Biden administration and is now in limbo. Carr, a Trump appointee who initially voted to approve the initiative in 2024, has since raised concerns about its implementation and is calling for additional scrutiny, the report adds.
The FCC did not respond to a request for comment.
Intelligence and national security officials have long argued that technologies linked to China could pose surveillance and sabotage risks. Policy analysts often cite a 2017 Chinese law requiring domestic companies to assist state intelligence efforts, fueling concerns that firms operating with overseas units could be compelled to hand over data to Beijing.
China has also become a central focus of U.S. tech and supply chain policy in President Donald Trump’s second term, particularly under Carr, a longtime China hawk. In March, Carr said the FCC began probing a group of Chinese tech and telecom providers that could still be operating in the U.S. despite prior agency-issued restrictions.
Pausing the program would affect a key provision in a cybersecurity executive order issued by Biden and retained in a June 6 directive signed by Trump, which requires all government-purchased smart devices to carry the certification label by January 2027.
In April, former Republican FCC commissioner Nathan Simington said the cyber certification might be expanded in the near future to include other equipment beyond household appliances.
“I’m not sure if we could go for wireless first, or for industrial first, or for both,” he said at the time, adding that it’ll be interesting to see whether that January 2027 deadline is kept in place by the Trump administration. Simington abruptly announced his departure from the FCC on June 4.
]]>
Read more here:: www.nextgov.com/rss/all/
