Is the U.S. Cyber Trust Mark enough?
Globally, we’re living in a digital wild-west full of unregulated devices, cyber attacks, and data vulnerability. The government is introducing the U.S. Cyber Trust Mark as our first line of defense. Let’s talk about it.
What is the U.S. Cyber Trust Mark?
The U.S. Cyber Trust Mark is ‘the first-ever voluntary cybersecurity labeling program for connected smart devices’. In simple terms, a recognizable logo will be placed on certified smart devices to help consumers make more informed decisions about which products to purchase. Think of the Energy Star, Fair Trade, and Cruelty Free logos you see on appliances, food, and make-up products: the Cyber Trust Mark would similarly be found on smart devices that meet specified criteria.
Why is the Cyber Trust Mark important?
We live in a heavily connected world. What was once limited to desktop computers and simple firewalls is now a sprawling, interconnected, global network of billions of devices with little to no standardized security. Smart watches, fridges, fitness devices, cameras, locks, phones, tablets, consoles, light bulbs… our homes are an intricate network of gadgets making up what is commonly referred to as the Internet of Things (IoT). The IoT is a massively complex membrane connecting our digital and physical worlds. Everything belonging to the IoT, from a laptop to a smart fridge, becomes a potentially vulnerable point of entry into your digital, and therefore real, life from anywhere at any time.
There is no global security. There are no global regulations. Anyone can produce and sell a device that connects to your network, and there is no way for you, as a consumer, to know how secure the device is at the point of purchase or at any point in the future (following both potential software security updates and the evolution of cyber attacks and vulnerability exploitation). Additionally, without the clarity and (hopeful) ubiquity of something like the Cyber Trust Mark for consumers to reference, there is little incentive for companies to dedicate time and resources to device security at the expense of potential profit margins.
The Cyber Trust Mark will identify devices that meet NIST-recommended criteria for cyber security, designed to be the first step in providing consumers the autonomy to help secure their own smart homes. In turn, the Cyber Trust Mark should encourage manufacturers to meet this security standard to maintain competitive viability in the market.
Overall, the Cyber Trust Mark should engender a healthier and more secure benchmark for smart homes.
Is the Cyber Trust Mark enough?
The Cyber Trust Mark is a necessary first step. It draws public attention to cyber security as a national concern, places more autonomy in consumers’ hands, and provides an impetus for competitive security innovation within the product market. There is also a proposed QR code system which will provide up-to-date information on the device, ensuring consumers can discover if their device security has become obsolete in a quickly evolving digital landscape. Optimistically, it is also symbolic of further commitment to a secure digital future for America.
In short, the Cyber Trust Mark is not, in itself, enough to ensure a secure smart home. It is also worth questioning the ownership of the Cyber Trust Mark as well as its necessary agnosticism.
The Cyber Trust Mark is not exclusively for consumers; it is also meant to ensure that enterprise-level security is upheld to certain standards. In itself, this is not an issue, but corporations must not become the sole beneficiary of this new security standard, given that they already have numerous tools and resources dedicated to cutting-edge security, in contrast to individual citizens who need to be protected from this growing threat. Additionally, there could be a conflict of interest in the administrative process if tech giants are over-represented, whether by setting standards too high for smaller companies to meet (reducing competition) or lower than consumer security demands (reducing efforts to provide at least minimal protection for consumers).
Conclusion
The U.S. Cyber Trust Mark is an encouraging first step in a deeply complex and ever-evolving security landscape, but it is crucial to monitor the development and implementation of the Trust Mark and to rally for further protection and regulations surrounding smart devices.
For more of our thoughts, please see our submitted FCC comment: Everything Set comment FCC 23-65 PS Docket 23-239.pdf