Cyber Trust Mark: Redefining IoT security for manufacturers and the cybersecurity industry

The program will also help improve national security since many of these devices are used in government and military environments.

The march toward a national cybersecurity label for wireless Internet of Things (IoT) devices took a big step forward last year with the adoption of the rules and framework. Under the program, qualifying consumer smart products that meet robust cybersecurity standards will bear a label — a new “U.S. Cyber Trust Mark” — that will help consumers make informed purchasing decisions, differentiate trustworthy products in the marketplace and create incentives for manufacturers to meet higher cybersecurity standards.

Similar to the Energy Star certifications created in the 1990s to label energy-efficient electronics, the U.S. Cyber Trust Mark will restore trust in an industry that has a checkered history when it comes to making accurate cybersecurity claims. The federal government, manufacturers and cybersecurity vendors need to continue to work together to make the program a reality, using the label as proof that IoT devices meet basic cybersecurity standards.

In addition to protecting consumers, the program will also help improve national security since many of these devices are used in government and military environments. It will also streamline the work of government regulators, who up to this point have focused on going after non-compliance after the fact rather than on a proactive labeling system.

IoT devices pose a major security risk

It’s no secret that the explosion of IoT devices across nearly every aspect of our lives puts our personal privacy at great risk. Billions of these devices are built each year across complex overseas supply chains with very little oversight or control and are installed in our homes, our offices and in public. They connect with each other and to the Internet, tracking and reporting on our usage as a way to enhance the customer experience. This includes everything from TVs and kitchen appliances to lightbulbs and bathroom exhaust fans.

Unfortunately, threat actors have gotten really good at exploiting poor or non-existent cybersecurity protections in these devices — easily taking them over, spying on our behaviors, stealing information and even using them to launch coordinated attacks on other targets. Built quickly and cheaply by companies with little cybersecurity experience, most IoT devices are easily breached due to insufficient cybersecurity controls or poor or non-updated passwords. When vulnerabilities are identified, they are rarely patched due to indifference, complex supply chains or flat-out incompetence.

It’s gotten so bad that the federal government has had to bar several IoT manufacturers from operating in the U.S. market due to the danger they pose to consumers and national security. Just in the past five years, the FCC has banned several IoT device manufacturers from doing business in the U.S. due to cybersecurity and national security concerns — including devices made by Huawei Technologies, ZTE Corporation, Hytera Communications, Hangzhou Hikvision Digital Technology and Dahua Technology, among others.

U.S. Cyber Trust Mark replaces reactive actions with proactive compliance

Going after companies that don’t meet basic cybersecurity safeguards is necessary for consumer protection and national security, but requires a lot of effort and resources from government regulators. Implementing a voluntary U.S. Cyber Trust Mark program would shift the compliance focus from reactive investigations and issuance of penalties to a more proactive strategy. Setting ground rules for carrying the U.S. Cyber Trust Mark label would help prevent egregious security issues by requiring basic cybersecurity practices — such as using encryption for network-to-network communications, eliminating the use of sequential serial numbers and preventing devices from storing full passwords.

Here are three actions that government stakeholders, IoT manufacturers and cybersecurity vendors can take to ensure the U.S. Cyber Trust Mark has the intended effect on consumer and national security:

  1. Drive accountability

Requiring IoT devices to meet basic cybersecurity standards to carry the U.S. Cyber Trust Mark label would make manufacturers more accountable by providing transparency into the security status of their products. Consumers and the public at large would trust that they are protected from malicious intent and that products are being updated as needed.

  2. Increase collaboration

The U.S. Cyber Trust Mark would also require manufacturers and testers to work together to meet the standard. Labs will need to establish testing parameters that can be used as best practice for manufacturers. Cybersecurity vendors would have to lend their expertise to make sure the latest techniques are being used and current threats are addressed. This industry-wide collaboration will make IoT cybersecurity stronger and more flexible, ensuring protections are up-to-date with the latest security innovations.

  3. Address implementation challenges

Standardizing cybersecurity coverage for IoT devices would also streamline the procurement and implementation processes across enterprise and government markets. Knowing that the device meets certain standards leads to informed decisions that can be communicated and approved more quickly. In fact, devices bearing the U.S. Cyber Trust Mark label could be fast-tracked across procurement processes. This, ultimately, will lead to faster time to market and better value and quality of the products. Both consumers and enterprise buyers just want to purchase a product, plug it in and know it works. A standard would make that a reality.

A win for the entire industry

IoT devices pose a significant cybersecurity risk for consumers, enterprises and government agencies. The U.S. Cyber Trust Mark program will proactively ensure all products sold in the U.S. market meet basic cybersecurity standards. But this isn’t just a win for buyers. The IoT industry as a whole will benefit by building trust, increasing collaboration among various stakeholders and fast-tracking devices that meet standards. And that’s a win for everyone.

Dan Berte is IoT Director at Bitdefender, a leading cybersecurity company.

© 2025 Federal News Network. All rights reserved.