Margaret Rouse is an award-winning technical writer and teacher known for her ability to explain complex technical subjects simply to a non-technical, business audience. Over…
Valerie is Techopedia's Editor-in-Chief. She is a skilled writer and editor with expertise in crafting evergreens, analyses, forecasts, and educational materials, covering global financial markets,…
The U.S. Cyber Trust Mark is a proposal by the United States Federal Communications Commission (FCC) to establish a cybersecurity labeling program that will provide consumers with transparent information about the security of their internet-enabled smart devices.
Modeled after the U.S. Energy Star program, the Cyber Trust Mark program is designed to help consumers make informed purchasing decisions and motivate manufacturers to voluntarily adhere to government standards for Internet of Things (IoT) cybersecurity.
If approved, the program could be operational by late 2024.
The FCC’s proposal is part of the United States National Cybersecurity Strategy Implementation and is being overseen by the country’s National Security Council.
Currently, the proposal is inviting public input on matters such as:
It’s expected that compliant smart devices will be able to display the U.S. Cyber Trust Mark logo on packaging alongside a QR code that points to a national registry of certified devices. The national registry will allow consumers to access the most current security information about the product they are thinking of buying and compare the information to that of similar products.
Tech giants like Amazon, Google, LG Electronics, Logitech, and Samsung Electronics have already pledged their support for the U.S. Cyber Trust Mark, which will appear on approved products as a distinct shield logo.
The FCC anticipates that as consumer demand for trustworthy smart products continues to grow, an increasing number of manufacturers will voluntarily participate in the program to demonstrate their commitment to privacy, confidentiality, and security.
According to Deloitte, U.S. households had an average of 22 connected IoT devices in 2022. These products offer immense benefits, but they also pose a variety of security challenges due to poor design and/or outdated software.
Insecure IoT devices are an attractive target for cybercriminals because they can be used to gain network access that allows the intruder to conduct a lateral attack. Breaches in consumer IoT systems can have severe consequences, ranging from privacy violations to theft – and even physical harm in critical sectors like healthcare.
SonicWall Capture Labs threat researchers recorded 112.3 million instances of IoT malware in 2022, an 87% increase over 2021. At the same time, the number of smart devices is still rising, with projections suggesting there will be more than 25 billion connected devices in operation by 2030.
The absence of universal security standards for IoT devices has led to inconsistencies in security practices, which makes it challenging for consumers to make informed purchasing choices.
To mitigate the security challenges, it is crucial for manufacturers, governments, and consumers to prioritize IoT security.
It’s expected that a broad spectrum of consumer smart products will be eligible for the Trust Mark, including:
The requirements for certification for the U.S. Cyber Trust Mark are still being developed, but they are expected to address the following concerns:
The FCC’s call for input indicates that specific requirements for certification may vary, depending on the type of device. For example, wireless devices that process sensitive data, like wireless home routers, may have more stringent requirements than devices that do not.
The FCC’s proposal for a labeling system, which is outlined in this Notice of Proposed Rulemaking, relies on standards developed by the National Institute of Standards and Technology (NIST). It is expected to build upon existing efforts within the public and private sectors to address cybersecurity and labeling concerns in smart devices, including:
The United States is not the only country that is encouraging IoT device manufacturers to make IoT device security a priority. Different countries and international organizations around the world have been working on IoT security standards to safeguard the integrity and privacy of IoT systems. Initiatives include:
The European Union’s proposed Cyber Resilience Act aims to address the lack of cybersecurity in consumer IoT products, as well as a lack of updates or patches to address vulnerabilities. Unlike the voluntary guidance proposed by the United States, the Cyber Resilience Act allows for large fines and penalties for violators, and it specifies that products failing to meet the Act’s outlined safety requirements will not be permitted to go to market.
The Product Security and Telecommunications Infrastructure Act of 2022 (PSTIA) helps make sure that consumer IoT devices are more secure against threats by banning default passwords and stipulating that manufacturers disclose how long they plan to offer product security updates.
To ensure compliance with the new regulations, the law sets up an enforcement regime that includes civil and criminal sanctions. It also requires manufacturers to designate a point of contact for reporting IoT device security issues and vulnerabilities.
The European Union Agency for Cybersecurity (ENISA) has been actively working on IoT security recommendations and best practices. The European Cybersecurity Act mandates the development of a European IoT cybersecurity certification framework to ensure the security of IoT devices.
China’s Standardization Administration has established the China Communications Standards Association (CCSA) to develop national IoT standards that cover various aspects of IoT security, including device authentication, data protection, and network security.
The Ministry of Internal Affairs and Communications (MIC) in Japan has issued guidelines for IoT security. These guidelines address issues like password management, data encryption, and software updates to enhance IoT security in the country.
The International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) collaborate on developing global standards for IoT security. ISO/IEC 27001 and ISO/IEC 27002 are widely recognized international standards for information and communication technology (ICT) security that can be applied to IoT systems.