For businesses, any change means yet another expense.
However, in the IT sector, shifts are a necessity to keep innovating and protecting what you’ve built even after it reaches the customer.
In October, the Federal Communications Commission (FCC) and the National Institute of Standards and Technology (NIST) started a new program, Cyber Trust Mark.
Its goal is to strengthen security against an emerging cyber threat: vulnerable IoT devices.
The rapidly growing number of IoT devices poses a significant hacking threat. The more smart devices are released to the stores, the more prominent this issue is.
In 2024, customers in the U.S. should have a straightforward way to tell whether the smart devices they buy are safe.
Here we break down all you need to know about the Cyber Trust Mark program.
What Is A Cyber Trust Mark?
Cyber Trust Mark is a U.S. government-issued program that provides cybersecurity certification and labels for IoT devices, informing consumers that the smart devices they buy are safe.
A recognizable shield logo will mark smart devices that follow the best IoT security practices. With this, customers can easily purchase from brands that prioritize their privacy and cybersecurity.
Also, customers will be able to confirm whether the company is on the list of Cyber Trust Marked Devices by scanning the provided QR code.
The code imprinted on the device will lead to an official registry of all the listed devices that have been given the Cyber Trust Mark. This will also be the place where they can find new information about software updates for IoT devices or read about new vulnerabilities.
The Cyber Trust Mark program will be implemented in 2024.
A couple of manufacturers that already support this initiative to regulate the safety of vulnerable smart devices include Logitech, Google, and Amazon.
Why Do We Need Better IoT Security?
Protecting IoT devices against cybercrime is challenging. Yet it’s something that has been widely discussed in cybersecurity circles for years, even before the rapid rise of IoT technology for commercial purposes.
Why is it so difficult to protect IoT components?
We’re surrounded by billions of IoT devices. According to Statista, it’s projected that there will be 15.14 billion by the end of 2023. And by 2023, this number is expected to double to 29.42 billion IoT components.
For companies, it’s hard to maintain visibility into all the components that communicate with their systems. Since there are so many different IoT devices, it’s difficult to create universal guidelines that makers can apply to protect their devices.
Also, many IoT devices are often sold with weak default passwords. Consumers rarely change them, and companies that have thousands of IoT components don’t have the time to do so.
Then, there are new vulnerabilities.
Just like with any other technology, the security of smart devices needs to be ongoing. New patches need to be released, and software has to be updated regularly.
Most IoT makers already patch up flaws regularly. However, for older IoT devices, this is often not the case. For example, if manufacturers stopped releasing security updates, devices might be exposed to new threats.
What Are the Requirements for a Cyber Trust Mark?
The full set of criteria that manufacturers will have to meet to earn the Cyber Trust Mark is not available. The basic requirements that companies will likely need to meet are:
- Stronger access control and authentication to safeguard data
- Better management of all the smart devices
- Frequent software updates
- Strong encryption to protect sensitive data
- Fast and accurate tools for responding to potential incidents
IoT makers who join this initiative will have to continually strengthen the security of their devices. This will include notifying customers about software updates and looking for weaknesses.
Companies will have to invest in AI-based security tools that can help them manage the growing number of IoT components within their infrastructure. They will need to retain visibility into which devices are potentially endangering their assets.
A major focus is on protecting data that can be reached should IoT components be hacked, especially assets of a sensitive nature.
Is Cyber Trust Mark Voluntary?
The initial idea was to make Cyber Trust obligatory, but this action didn’t go through since many opposed it. For now, the FCC and NIST settled that this will be the label for IoT makers that choose to take part in the initiative.
However, companies participating in this program know customers are more likely to choose safer technology. They want to retain their privacy and keep hackers out of their homes.
Stores will also be encouraged to promote devices with the shield logo, the new mark of secure IoT devices.
Therefore, businesses that do have the shield logo on their products will instill a greater sense of security in customers who are already acutely aware of problems such as data breaches.
In other words, the Cyber Trust Mark will give companies a commercial advantage compared to competitors that don’t have such proof that they’re continually working to sell the safest products to their users.
Meeting the requirements for the Cyber Trust Mark means companies have to introduce change in their IT processes. Many are not ready for the cost that change would require and choose not to participate in the program.
Smart Devices Need Smart Cybersecurity
Cyber Trust Marks won’t make all IoT devices immune to hacking exploits. But this regulation is essential considering the ever-increasing number of IoT devices, many of them poorly protected once released to the public.
This initiative marks a start to:
- Setting standardized guidelines for securing IoT components
- Helping customers actively choose safer technology
- Raising expectations for the security of smart devices
- Increasing the responsibility that manufacturers have for the technology they release to the market
While there might still be a long way to go, vulnerable IoT devices are a problem that shouldn’t be taken lightly.