White House unveils IoT cybersecurity label plan

The White House has unveiled its plan for a US Cyber Trust Mark intended to certify that IoT devices marked with the label have met security criteria. The voluntary programme by the Federal Communications Commission (FCC) is due to roll out in 2024 and is intended to protect consumers’ networks and device data.

It was also announced that the Department of Energy is joining with the FCC to create a subsequent cybersecurity label for smart meters and power inverters; a potential agreement with the National Institute of Standards and Technology (NIST) is poised to create an additional set of standards specifically for routers by the end of 2023.

The security criteria have six pillars that devices must meet to be deemed secure: asset identification, product configuration, data protection, interface access control, software updates, and cybersecurity state awareness.

This is the result of plans announced in October 2022 at an event that included leaders from the connectivity sphere. The announcement was based on a document published in 2022 by NIST and laid out the primary criteria for gaining the mark. Cybersecurity is the main focus, but there’s also mention of the opportunity to add some privacy protection.

The Cyber Trust Mark is destined for the product box of devices, with a secondary layer of information, such as a QR code, to provide even more information about the cybersecurity and even relevant privacy information.

US Deputy National Security Advisor Anne Neuberger compared it to the now ubiquitously known Energy Star label, which goes on devices as different as a washing machine or a PC.

Consumers will now be able to use the label to judge if a product meets certain cybersecurity standards when choosing at a store or online, with the label indicating that the product meets a set of standards developed by the program. Companies that invest in security stand to benefit, as consumers who may tend to buy the cheapest product may now reconsider after seeing the reasoning for the increased cost.

But the announcement is tipped to be only the beginning of the journey. The goal is to create a set of criteria for third-party administrators to use to certify a device with the Cyber Trust Mark. There will be a period of refinement before this where companies, consumers and organisations can share their thoughts on criteria and how the program should work.
