What is the U.S. Cyber Trust Mark? Amazon, Google join White House in rolling out cybersecurity certification program

 

By Michael Grothaus

Today the White House announced a new cybersecurity labeling program that aims to easily let consumers see which Internet of Things (IoT) devices have an acceptable level of security protection against cyberattacks. The U.S. Cyber Trust Mark will be applied to products that meet cybersecurity requirements, and major tech firms including Amazon, Google, and Samsung have already signed on. Here’s what you need to know.

    What is the U.S. Cyber Trust Mark? The mark is part of a new labeling and cybersecurity safety certification program that will be overseen by the Federal Communications Commission (FCC). The idea behind the mark is to give consumers an easy way to see if the Internet of Things device they are thinking of purchasing has adhered to best practices that make them less vulnerable to hackers and cybersecurity threats. The Associated Press likens the new mark to the Energy Star program, which rates the energy efficiency of a product. But instead of rating the energy efficiency, the U.S. Cyber Trust Mark would rate an IoT device’s level of cybersecurity.

    Why is the mark being created? More and more people have IoT devices in their homes—everything from smart baby monitors to smart refrigerators. If those IOT devices have weak security, it’s much easier for a hacker to infiltrate them. Over the next decade, the proliferation of IoT devices in our homes and workplaces will only increase. “This new labeling program would help provide Americans with greater assurances about the cybersecurity of the products they use and rely on in their everyday lives,” the White House explained in a statement. “It would also be beneficial for businesses, as it would help differentiate trustworthy products in the marketplace.”

    What will the mark do for me? Besides identifying that a product has passed recommended security protection thresholds, a QR code will also accompany the mark, which the user can scan to see details about a device’s security, including whether there are any security updates or patches available for the product in question.

    What does the mark look like? Right now the U.S. Cyber Trust Mark hasn’t been revealed, but the White House says it will be “in the form of a distinct shield logo.”

    Is the mark mandatory? No. Companies will not be required to submit their products for certification or display the mark. But the hope is that as the mark becomes more widespread, consumers will seek it out, leading to more companies making sure their devices are compliant and hold the mark. To help push companies to certify their products for the program and adopt the mark, the FCC will encourage major retailers in the U.S. to prioritize shelf space and online listings for products with the U.S. Cyber Trust Mark. Retailers like Best Buy have already signed onto the program.

    What companies will use the mark? Any company that makes an Internet of Things product can enter it for certification. Right now major companies that have endorsed the new program include Amazon, Best Buy, Google, LG Electronics U.S.A., Logitech, and Samsung.

    What products will show the mark? Any IoT product is presumably eligible for certification. The White House specifically noted the following devices: “smart refrigerators, smart microwaves, smart televisions, smart climate control systems, smart fitness trackers, and more.”

    When will products begin showing the mark? The FCC still needs to finalize the program after a period of public comment. But the White House said the mark is expected to be in use in 2024.

Fast Company

(17)