U.S. Preparing Cyber Trust Mark for More Secure Smart Devices

Cyber Security Threat Summary:
“A new cybersecurity certification and labeling program called U.S. Cyber Trust Mark is being shaped to help U.S. consumers choose connected devices that are more secure and resilient to hacker attacks. A proposal from the Federal Communications Commission, the program is expected to roll out next year with smart device vendors committing to it voluntarily. Major vendors and makers in the U.S. have already announced their participation. Among them Amazon, Google, Best Buy, LG Electronics U.S.A., Logitech, and Samsung Electronics” (Bleeping Computer, 2023).



Using cybersecurity criteria set by the National Institute of Standards and Technology (NIST), the U.S. Cyber Trust Mark program will help organizations recognize internet-connected products that meet an acceptable level of security capabilities. These include use of strong default passwords, data protection capabilities, software updates, and incident detection capabilities. Vendors whose participating products meet NIST’s threshold will be able to label those products with a “distinct shield logo.”

According to the announcement from the Biden-Harris Administration, the labeling is intended for common consumer smart devices, ranging from refrigerators, microwave ovens, television sets, and climate control systems to fitness trackers. “Acting under its authorities to regulate wireless communication devices, the FCC is expected to seek public comment on rolling out the proposed voluntary cybersecurity labeling program, which is expected to be up and running in 2024” - White House

Security Officer Comments:
This will be hugely beneficial for smart device consumers. Not only will consumers be able to identify internet-connected devices that have more robust security capabilities, but the Trust Mark should put additional pressure on device makers to add security functionality to their products. IoT devices are notorious for not being developed with security in mind. Some have unchangeable default passwords, require manual updates, and often lack multi-factor authentication. Vulnerable IoT devices can be used as an initial access point into a victim's network.

“Until the program launches, the Biden-Harris Administration and the Cybersecurity and Infrastructure Security Agency (CISA) would support the FCC’s effort to educate consumers to look for the Cyber Trust Mark on the products they decide to purchase. To improve transparency and stimulate competition, certified devices would be listed into a national registry that consumers could consult via a QR code to compare the security information present in multiple products” (Bleeping Computer, 2023).

NIST will also define security requirements for consumer-grade routers, which have been the recent targets of cybercriminal and nation-state groups. The program also aims to include smart meters and power inverters that are at the basis of the clean, smart grid of the future.

Link(s):
https://www.bleepingcomputer.com/