Representatives of the Federal Communications Commission (FCC) and the National Institute of Standards and Technology (NIST) have recently unveiled a U.S. national IoT security label at the White House called the “U.S. Cyber Trust Mark” to inform consumers about the security, safety, and privacy of a specific IoT and Smart Home device.
IoT security has been a problem for years with routers shipping with telnet enabled with default usernames and passwords, vulnerabilities in SDKs, unencrypted passwords transmitted over the network, millions of devices with older microcontrollers without built-in hardware security features, etc… There have been industry efforts to solve this such as the Arm PSA initiative, as well as regulations to prevent default usernames/passwords in new devices, but nothing about IoT security that can help a consumer find out if a device is supposed to be secure or not. The Cyber Trust Mark is supposed to address this issue.
The preview logo shown above could soon show up on the package of IoT and Smart Home devices that meet IoT security requirements under NISTIR 8425. Since IoT devices frequently get firmware updates and new vulnerabilities may be discovered, a QR code is also expected on each package/device so that the end users can check the latest updates.
Devices with the U.S Cyber Trust Mark will also be listed in a registry indicating that these products meet U.S. cybersecurity standards. The label will be voluntary at launch and apply only to devices from manufacturers which have agreed to ensure their products meet an agreed standard for security.
Companies such as Amazon, Google, LG Electronics, Logitech, and Samsung are onboard, as well as Best Buy retailer, and some silicon vendors such as Infineon Technologies have also expressed their support for the initiative. But it will take a while before it is implemented. First, the proposal would have to be adopted by a vote of the FCC, and then it would be issued for public comment before finally being deployed on packages and products in late 2024.
Thanks to TLS for the tip, and Hackster.io for finding the logo!
Jean-Luc started CNX Software in 2010 as a part-time endeavor, before quitting his job as a software engineering manager, and starting to write daily news, and reviews full time later in 2011.