Smarter IoT Device Security: Updates on the US Cyber Trust Mark


Readers, it’s already May. That’s wild.

It feels like it just last week we first reported on the U.S. Cyber Trust Mark – a voluntary program that provides a cybersecurity certification label for smart devices and other connected consumer products produced by IoT developers. Following the Biden-Harris Administration’s initial proposal, FCC Chairwoman Jessica Rosenworcel affirmed that if this were to be implemented properly, it would “raise the bar for cybersecurity across common devices, including smart refrigerators, smart microwaves, smart televisions, smart climate control systems, smart fitness trackers and more.” Stronger overall consumer awareness regarding the security of their modern purchases, if you will.

Well, here’s a quick update:

For anyone unaware, the FCC officially voted to approve the program.

This is substantial. By creating easy-to-recognize labels that confirm a consumer product meets National Institute of Standards and Technology (NIST) standards, the hope is that consumer markets begin to more strategically address the litanies of vulnerabilities often encountered vis-à-vis smart device acquisition and usage.

As another reporter described, “A rush of internet-connected consumer devices that often ship with little or poor security have created huge privacy risks for the consumers that rely on them. This has given malicious hackers access to huge networks of devices that they can use to carry out and orchestrate attacks.”

Clearly, this must be stopped.

FCC Commissioner Nathan Simington put it like this:

“If your car explodes following a minor accident or if a table saw comes loose and maims you or your lightbulb overheats and causes a fire, you can take the negligent manufacturer to court and recover your damages. But if an attacker hacks your smart home devices – let’s say your Alexa – listens in on your private conversations, you have little to no recourse against the manufacturer.”

The FCC is reportedly in the midst of selecting a lead administrator to further build out the program (and the third-party accredited labs tasked with compliance testing) to:

  • Select which products will receive the Cyber Trust Mark.
  • Create consumer-friendly landing pages for each product (reached via QR codes).

Notably, we also received word from Finite State, provider of connected device security and software supply chain risk management solutions. Matt Wyckhouse, CEO of Finite State, is very much in support of the U.S. Cyber Trust Mark’s progression, saying “it is a great first step to ensure IoT devices have a rigorous standard for cybersecurity protection, thus helping consumers better understand their IoT devices.” (Though the many components that make up IoT devices may still require deeper action.)

And as mentioned, while a voluntary effort, this is still vital for businesses “keenly interested in differentiating their products for the safety of the global marketplace,” said Steve Kelly, Chief Trust Officer at the institute for Security and Technology.

Read here to learn more directly from the FCC.

Edited by Greg Tavarez
Get stories like this delivered straight to your inbox. [Free eNews Subscription]
Related Articles

ICYMI: Some of the Latest Exciting Developments in IoT

By: Alex Passett    5/17/2024

We've compiled several Internet of Things (IoT) stories that will benefit readers interested in smart infrastructure analytics, high-speed satellite I…

Read More

With Investment from Accenture Ventures, Sanctuary AI Continues Development of Impressive, AI-Powered Human Robotics

By: Alex Passett    5/15/2024

Accenture Ventures made a strategic investment in Sanctuary AI as more of the latter's developments involving AI control system "Carbon" and human-lik…

Read More

Upstream Security Receives Supportive Boost from Cisco Investments

By: Alex Passett    5/15/2024

Cisco Investments has reportedly invested in Upstream Security, an XDR solutions provider for connected vehicles and general IoT.

Read More

SEALSQ's 'INeS' PKI-as-a-Service Platform Selected by D-Link for Matter-compliant IoT

By: Alex Passett    5/14/2024

Last month, D-Link officially selected SEALSQ's PKI-as-a-Service solution (dubbed "INeS") to provide Node Attestation Certificates for D-Link's MS30-N…

Read More

Variscite-SecEdge Collab Empowers IoT Customers with Easy-to-Implement Device Security Solutions

By: Alex Passett    5/14/2024

Variscite and SecEdge are building an expanded collaboration to provide increasingly dependable chip-to-cloud, standards-compliant security solutions …

Read More