White House introduces US Cyber Trust Mark to help consumers identify secure IoT devices

White House launched The US Cyber ​​Trusk Mark is a new voluntary cybersecurity labeling program for Internet-connected devices that aims to help consumers easily identify products that meet established cybersecurity standards.

The Cyber ​​Trust Seal, administered by the Federal Communications Commission, will appear as a separate label with a shield logo on certified devices (pictured), including smart thermostats, baby monitors, home security cameras, fitness trackers and other app-controlled devices. To earn this mark, products must meet cybersecurity criteria set by the US National Institute of Standards and Technology and be tested by accredited laboratories.

The program aims to address concerns about security risks associated with Internet-connected devices that are often overlooked when it comes to security. The idea is that by providing a clear and recognizable label, consumers will be able to make informed choices about the cybersecurity of the products they buy.

“This will help consumers make informed decisions about the products they bring into their homes, differentiate trustworthy products in the marketplace, and create incentives for manufacturers to meet higher cybersecurity standards,” the FCC states in the new document. US Cyber ​​Trust Mark Page.

The industry’s biggest players, including Amazon.com Inc., Best Buy Co. Inc., Google LLC, LG Electronics USA Inc., Logitech Inc. and Samsung Electronics Co Ltd. expressed support for this initiative. The first Cyber ​​Trust Mark products are expected to be available later this year.

Although the labeling scheme is voluntary, it may not be suitable for manufacturers in the future if they wish to cooperate with the US government. Reuters reports that the White House plans to issue an executive order in the final days of President Joe Biden’s administration that would limit the US government to purchasing only Cyber ​​Trust Mark products starting in 2027.

This labeling sounds good in theory, but not all cybersecurity experts are entirely positive about it. Tim Erlin, security strategist at a security research firm Wallarm Inc.told SiliconANGLE via email that “there is no doubt that the Cyber ​​Trust Mark program represents significant progress in consumer protection, but there is also no doubt that it represents a low bar for cybersecurity.”

“The Cyber ​​Trust Mark program ultimately requires manufacturers to follow NIST.IR.8425, which was finalized in 2022,” Erlin explained. It is incredibly difficult to create technology requirements that will remain fully relevant for years to come” and that “the co-authors have done a reasonable job of future-proofing the requirements, but because of this need they are necessarily less specific. The devil is in the implementation details.”

Andrew Obadiaru, CISO of an offensive security services company Cobalt Labs Inc.was more optimistic, stating that “the FCC’s launch of the US Cyber ​​Trust Seal is an important step towards improving IoT security.

“In our work testing IoT devices and embedded systems, we often find hard-coded credentials, open debug ports, and misconfigurations—vulnerabilities that give attackers easy access to networks,” Obadiaru wrote. “Once inside, attackers can move out of the way, disrupt operations, steal sensitive data, or launch ransomware attacks.”

Cobalt recommends that manufacturers prioritize regular penetration testing and firmware verification to ensure these issues are identified and resolved promptly. “Addressing vulnerabilities before products reach the market reduces the risk of breaches, protecting both consumers and businesses while strengthening overall trust in connected devices,” he said.

Image: FCC