The U.S. Cyber Trust Mark: Providing Assurance That IoT Devices Are Trustworthy
By Mike Nelson, Vice President of Digital Trust, DigiCert
It’s safe to say that in 2023, the Internet of Things (IoT) train has left the station and is full speed ahead. From smart thermostats in our homes, to wearable devices like fitness monitors, to remote security cameras and connected healthcare technology, IoT devices are now everyday objects that have transformed our lives. They enable various applications and services through their ability to communicate and interact with other devices or systems and transmit data. In fact, worldwide spending on IoT is forecast to be $805.7 billion in 2023, an increase of 10.6% over 2022, according to International Data Corporation (IDC) research.
But the information these devices hold and transmit is often considered private and sensitive. And it makes sense that the manufacturers of these products need to be trusted to uphold secure development practices.
So as spending on IoT increases, how can consumers know what they are purchasing is secure and private?
Most buyers really don’t know much about the security of the devices they purchase and use today, but consumers should have the right to assume in good faith that what they are purchasing can be relied on to be secure, because the stakes are very high if these devices fail to meet that promise. We have seen many breaches over the years because of lapsed IoT device security. For instance, there have been multiple stories about compromised baby monitors in recent years, which is terrifying for victim families. A family purchasing a baby monitor should not have to make the risk of the device being easily hacked its primary concern. Thus, raising the standard for the security of consumer smart devices and the transparency around their privacy and security will help protect American consumers.
But the recently introduced “U.S. Cyber Trust Mark” aims to give consumers more transparency about cybersecurity details, much like a nutritional label, to inform consumers about what they are getting. Announced in July through a memorandum issued by the White House, this labeling initiative would give buyers a sense of reassurance regarding the safety of the technology introduced into their households and lives. This move would also encourage manufacturers to adhere to more stringent cybersecurity benchmarks, while motivating retailers to promote devices that prioritize security and digital trust. It has the potential to instill a sense of assurance and reliance in consumers, giving them the confidence to know that the device they are acquiring has undergone testing to fulfill specific cybersecurity criteria.
There are several key components for manufacturers who want to obtain a U.S. Cyber Trust Mark:
Comprehensive Evaluation: To qualify for the trust mark, organizations must undergo a comprehensive evaluation of their cybersecurity practices. This evaluation encompasses various aspects such as network security, data protection, incident response, employee training and compliance with relevant cybersecurity regulations.
Continuous Monitoring: The certification process doesn’t end with a one-time evaluation. Instead, organizations must commit to ongoing monitoring and improvement of their cybersecurity measures to maintain the trust mark. This ensures that cybersecurity remains a top priority and keeps pace with emerging threats.
Industry-Tailored Criteria: Recognizing that different industries face unique cyber risks, the U.S. Cyber Trust Mark initiative establishes tailored criteria for different sectors. This approach allows for a more targeted evaluation of cybersecurity measures, ensuring that specific industry challenges are adequately addressed.
A New Era in IoT Trust and Security
We believe the U.S. Cyber Trust Mark initiative represents a pivotal step towards a more secure digital ecosystem. That’s why we are passionate about backing the U.S. Cyber Trust Mark project. DigiCert has also actively participated in enhancing IoT cybersecurity through multiple other initiatives, such as the Cloud Security Alliance, Matter and NIST standards development.
The kind of assurance the Trust Mark labeling provides is in demand by consumers. Just look at the numbers: DigiCert research finds that if companies do not manage digital trust effectively, they stand to lose customers. Our survey found 84% of customers would consider switching to another company if they lose confidence in digital trust – and 57% say switching would be likely. But labels that signify stringent IoT security standards could potentially bring about a groundbreaking shift in ensuring users’ digital confidence.
By incentivizing organizations to prioritize cybersecurity and acknowledging their efforts through a recognized certification, the program encourages the adoption of best practices and continuous improvement in security and digital trust. As the program gains momentum, it has the potential to significantly enhance cybersecurity measures across industries, making IoT use safer for everyone involved. Whether you’re a business owner, an investor, or a consumer, the U.S. Cyber Trust Mark becomes a symbol of confidence in the face of ever-evolving cyber threats and privacy concerns.
About the Author
Mike Nelson is the VP of Digital Trust at DigiCert. In this role, he oversees strategic market development and champions digital trust across organizations to protect servers, users, devices, documents, software and more. Mike frequently consults with organizations, contributes to media reports and speaks at industry conferences about the risks of connected technology, and what can be done to improve the security of these systems.
Mike can be reached online at (mike.nelso@digicert.com) and at our company website http://www.digicert.com/