A new trust mark for connected devices has been slated to come into effect in the USA. The voluntary programme is intended to raise awareness and assure confidence in the cyber security credentials of wireless Internet of Things (IoT) devices for US consumers and, eventually, consumers around the world.
The Cyber Trust Mark is part of the Biden administration’s focus on dealing with cyber threats. The Cyber Trust Mark programme was voted into effect by the Federal Communications Commission (FCC) on March 14, 2024.
How will the Cyber Trust Mark programme work?
The Cyber Trust Mark programme will involve the FCC, its Federal partners, manufacturers, retailers and cyber-security groups. Manufacturers of IoT devices – such as Smart TVs, baby monitors, security cameras, etc – will be able to submit their devices for testing and evaluation.
The tests and evaluation will be carried out by third-party labs. Devices that are deemed to fulfil the necessary cyber-security standards will be allowed to bear the Cyber Trust Mark shield logo.
Markings will also include a scannable QR code which links to details of the device’s security features. It will detail authorisation dates, default password instructions, software updates, minimum support periods, configuration instructions and a software bill of materials. The FCC is still considering whether or not to include information about whether the software or firmware is developed in a nation deemed a security risk by the USA.
Why do we need a Cyber Trust Mark for IoT devices?
As more and more devices are connected to the Internet, the associated cyber security risk increases.
To ensure that connected IoT devices have the necessary cyber security to prevent misuse, cyber crime and cyber terrorism, consumers need to be given information about the devices’ cyber security status.
The FCC says the Cyber Trust Mark initiative will help consumers to:
- make informed purchasing decisions,
- differentiate trustworthy products from untrustworthy products
At the same time, the mark will create incentives for manufacturers to meet higher cyber-security standards. The hope is that more manufacturers will use the Cyber Trust Mark and, as it becomes more recognised, more consumers will demand products that bear the Cyber Trust Mark shield.
Jessica Rosenworcel, FCC chair, commented, “The future of smart devices is big and the opportunity for the US to lead the world with a global signal of trust is even greater.”
The FCC’s approval of the Cyber Trust Mark also mandated a collaboration between the FCC’s Public Safety and Homeland Security Bureau and the Justic Department’s Office of International Affairs. They will work together to establish international recognition for the Cyber Trust Mark.