by
The White House has launched the U.S. Cyber Trusk Mark, a new voluntary cybersecurity labeling program for internet-connected devices that aims to help consumers easily identify products that meet established cybersecurity standards.
Administered by the Federal Communications Commission, the Cyber Trust Mark will appear as a distinct shield logo label on certified devices (image above), including smart thermostats, baby monitors, home security cameras, fitness trackers and other app-controlled appliances. To earn the label, products must comply with cybersecurity criteria set by the U.S. National Institute of Standards and Technology and undergo testing by accredited laboratories.
The program seeks to address concerns over the security risks associated with Internet of Things-connected devices that are often overlooked when it comes to security. The idea is that by providing a clear and recognizable label, consumers will be able to make informed choices about the cybersecurity of the products they purchase.
“This will help consumers make informed decisions about the products they bring into their homes, will differentiate trustworthy products in the marketplace and create incentives for manufacturers to meet higher cybersecurity standards,” the FCC states on the new U.S. Cyber Trust Mark page.
Major industry players, including Amazon.com Inc., Best Buy Co. Inc., Google LLC, LG Electronics USA Inc., Logitech Inc. and Samsung Electronics Co Ltd., have expressed support for the initiative. The first Cyber Trust Mark labeled products are expected to be available later this year.
While the labeling scheme is voluntary, it may not be much of a choice for manufacturers going forward if they want U.S. government business. Reuters reports that the White House is planning an executive order in the final days of the administration of President Joe Biden that will restrict the U.S. government to only buying Cyber Trust Mark products beginning in 2027.
The labeling sounds good in theory, but cybersecurity experts are not all entirely positive, with Tim Erlin, security strategist at security research firm Wallarm Inc., telling SiliconANGLE via email that “there’s no doubt that the Cyber Trust Mark program represents meaningful forward progress in protecting consumers, but there’s also no doubt that it represents a low bar for cybersecurity. This program enforces the most basic requirements on a subset of connected consumer devices.”
“The Cyber Trust Mark program ultimately requires that manufacturers follow NIST.IR.8425, which was finalized in 2022,” Erlin explains, before adding that “it’s incredibly difficult to create technology requirements that will remain completely relevant for years to come” and that “the contributors did a reasonable job of future-proofing the requirements, but they are necessarily less specific because of that need. The devil will be in the implementation details.”
Andrew Obadiaru, chief information security officer at offensive security services company Cobalt Labs Inc., was more upbeat, saying that “the FCC’s launch of the US Cyber Trust Mark is a crucial step toward improving IoT security.”
“In our work testing IoT devices and embedded systems, we frequently uncover hardcoded credentials, exposed debug ports, and misconfigurations – vulnerabilities that give attackers easy access to networks,” Obadiaru wrote. “Once inside, adversaries can move laterally, disrupt operations, steal sensitive data, or launch ransomware attacks.”
“We recommend manufacturers prioritize regular penetration testing and firmware reviews to catch and fix these issues early,” Obadiaru added. “Addressing vulnerabilities before products reach the market reduces the risk of exploitation, safeguarding both consumers and enterprises while strengthening overall trust in connected devices.”
THANK YOU
Contentstack snaps up customer data startup Lytics to enhance content personalization
Green Bay Packers online store breach exposes credit card data of thousands of fans
Microsoft open-sources its Phi-4 small language model
AWS to invest at least $11B in new Georgia data centers
Story, Stability AI collaborate to help creators make money from their work in the AI ecosystem
Silicon for the AI edge: Chipmakers in the spotlight at CES as hardware matters again
Contentstack snaps up customer data startup Lytics to enhance content personalization
BIG DATA – BY . 17 MINS AGO
Green Bay Packers online store breach exposes credit card data of thousands of fans
SECURITY – BY . 37 MINS AGO
Microsoft open-sources its Phi-4 small language model
AI – BY . 1 HOUR AGO
AWS to invest at least $11B in new Georgia data centers
INFRA – BY . 3 HOURS AGO
Story, Stability AI collaborate to help creators make money from their work in the AI ecosystem
BLOCKCHAIN – BY . 5 HOURS AGO
Silicon for the AI edge: Chipmakers in the spotlight at CES as hardware matters again
INFRA – BY . 5 HOURS AGO
Forgot Password?
Like Free Content? Subscribe to follow.
About The Author
More Stories
Zombie IXPs: The Four Types of Exchanges That Refuse to Die, but Fail to Live
The Shift in Peering Threatening the Internet’s Foundations
Remembering Alan Barrett: A Builder of the African Internet