Iain Davidson, Senior Product Manager at Wireless Logic, called the US Cyber Trust Mark a “timely addition to the growing body of regulations aimed at enhancing the security of connected devices”, while urging device manufacturers to stay vigilant as legislative shifts are expected to continue.
The US Cyber Trust Mark, which was announced by the Biden-Harris Administration in July 2023, requires stricter measures to protect end users and is expected to be enforced towards the end of the year. Connected device manufacturers will be expected to meet new cybersecurity standards and display a sticker confirming that they meet them.
More recently, the UK announced the implementation of the PSTI Act on 29 April 2024, creating another layer of cybersecurity by requiring device manufacturers to enforce greater security measures: passwords must be more secure and cannot follow sequences such as 123; manufacturers must provide clarity around reporting bugs or security issues; and they must inform customers how long they will receive security support for.
Iain Davidson said: “Hot on the heels of the UK PSTI Act, the US Cyber Trust Mark is a timely addition to the growing body of regulations aimed at enhancing the security of connected devices. It’s encouraging to see the industry’s collaborative efforts to tackle current and future IoT security threats by establishing robust standards that span the entire product lifecycle. There is a strong commitment to fostering a proactive, ‘secure-by-design’ culture, significantly reducing the burden on end users to ensure device security.
“However, these new regulations introduce a layer of complexity for device manufacturers. As guidelines evolve and differ across regions, companies with global operations will face challenges making sense of it all in a bid to remain compliant. With the NIS 2 Directive, the UK’s Code of Practice for Consumer IoT Security and the Cyber Resilience Act, the landscape is becoming increasingly complicated.
“Although many of these regulations reference the ETSI EN 303 645 standard, there are growing concerns about how each regulation will be enforced and the specific territorial requirements that need to be met. It’s important to recognise that these developments are just the beginning. We can expect further legislative shifts as regulators continue to evaluate these measures and refine the IoT security landscape in their respective regions. It’s important to stay vigilant and adaptable to keep pace with this evolving environment.
“It looks like we’re seeing a gradual shift towards universal standards for connected device security. While this approach is great in theory, implementing it globally will be tricky due to varying international laws and compliance requirements. Therefore, device manufacturers must take greater accountability, ensuring they meet existing requirements while staying informed about sector-specific standards and incoming legislation. Adopting a 360-degree approach to security is essential to manage the complexities of international compliance and contribute to a more secure IoT ecosystem.”