In recent years, the IoT industry has seen exponential growth. Presently, there are 15 billion smart devices in existence worldwide. However, despite widespread adoption, many IoT devices lack robust cyber security measures, making them vulnerable to hackers. Nearly 70% of American households have smart devices installed in their homes, indicating a need to address cyber security concerns.
Recognizing the urgency of the issue, the Biden administration and major U.S. consumer technology players have announced an effort to create a national cyber security certification and labeling program for smart devices. The primary objective of this initiative is to assist consumers in selecting smart devices that aren’t extremely vulnerable to hacking.
Cyber Trust Mark initiative
Known as the Cyber Trust Mark initiative, this effort will be overseen by the Federal Communications Commission. Industry participation will be voluntary. The program is intended to mirror the Energy Star program, which rates appliances’ energy efficiency, empowering consumers to make more informed, cost-effective and sustainable decisions.
The initiative has received backing from major electronics, appliance and consumer product manufacturers. Each has pledged to voluntarily increase attention to cyber security in the development and vending of products. Among the brands committed to the program are Logitech, Best Buy, Google, LG Electronics and Samsung.
Higher-risk devices: Consumer-grade routers
Consumer-grade routers have been identified as higher-risk devices and their compromise could lead to severe consequences. These include eavesdropping, password theft, account theft, and subsequent attacks on network connected devices.
Enhanced IoT protection plan of action
- To maintain trust and confidence in the program, the FCC will work with regulators and the U.S. Department of Justice.
- NIST is set to immediately pursue efforts to define cyber security requirements for consumer-grade routers.
- The FCC plans for information about device security to be accessible via QR code.
- The U.S> Department of Energy will collaborate with National Labs and industry partners to research and develop cyber security labeling requirements for smart meters and power inverters, both of which are essential elements of smart grids.
- The U.S. Department of State will support the FCC in engaging with international allies and partners around harmonization of standards and mutual recognition of related labeling initiatives.
Ahead of program rollout in 2024, the FCC is expected to seek public comment.
Congressional support and involvement
Congressional representative Ted Lieu, D-Calif., has introduced supplemental legislation to support the U.S. Cyber Trust Mark, proposing an advisory committee of cyber security experts to create benchmarks for the Internet of Things (IoT). No further companion bills have been proposed thus far. The initiative is generally receiving positive acknowledgement.
Growing threat landscape and program vision
According to Check Point researchers, the number of cyber attacks conducted through IoT devices has dramatically increased across the past two years.
FCC Chairwoman Jessica Rosenworcel envisions the Cyber Trust Mark becoming a sought-after label for consumers and a standard that’s preferred by product manufacturers and product retailers.
For further insights into smart device security and the U.S Cyber Trust Mark initiative, please see CyberTalk.org’s past coverage. Lastly, to receive more timely cyber security news, insights and cutting-edge analyses, please sign up for the cybertalk.org newsletter.