Page 153 - Cyber Defense eMagazine October 2023
P. 153
So as spending on IoT increases, how can consumers know what they are purchasing is secure and
private?
Most buyers really don’t know much about the security of the devices they purchase and use today, but
consumers should have the right to assume in good faith that what they are purchasing can be relied on
to be secure, because the stakes are very high if these devices fail to meet that promise. We have seen
many instances of breach over the years because of lapsed IoT device security. For instance, there have
been multiple stories about compromised baby monitors in recent years, which is terrifying for victim
families. A family purchasing a baby monitor should not have their primary concern about the said device
being easily hacked. Thus, raising the standard for the security of consumer smart devices and the
transparency around their privacy and security will help protect American consumers.
But the recently introduced "U.S. Cyber Trust Mark" aims to give consumers more transparency about
cybersecurity details, much like a nutritional label, to inform consumers about what they are getting.
Announced in July through a memorandum issued by the White House, this labeling initiative would give
buyers a sense of reassurance regarding the safety of the technology introduced into their households
and lives. This move would also encourage manufacturers to adhere to more stringent cybersecurity
benchmarks, while motivating retailers to promote devices that prioritize security and digital trust. It has
the potential to instill a sense of assurance and reliance in consumers, giving them the confidence to
know that the device they are acquiring has undergone testing to fulfill specific cybersecurity criteria.
There are several key components for manufacturers who want to obtain a U.S. Cyber Trust Mark:
Comprehensive Evaluation: To qualify for the trust mark, organizations must undergo a comprehensive
evaluation of their cybersecurity practices. This evaluation encompasses various aspects such as
network security, data protection, incident response, employee training and compliance with relevant
cybersecurity regulations.
Continuous Monitoring: The certification process doesn't end with a one-time evaluation. Instead,
organizations must commit to ongoing monitoring and improvement of their cybersecurity measures to
maintain the trust mark. This ensures that cybersecurity remains a top priority and keeps pace with
emerging threats.
Industry-Tailored Criteria: Recognizing that different industries face unique cyber risks; the U.S. Cyber
Trust Mark initiative establishes tailored criteria for different sectors. This approach allows for a more
targeted evaluation of cybersecurity measures, ensuring that specific industry challenges are adequately
addressed.
A New Era in IoT Trust and Security
We believe the U.S. Cyber Trust Mark initiative represents a pivotal step towards a more secure digital
ecosystem. That’s why we are passionate about backing the U.S. Cyber Trust Mark project. DigiCert has
also actively participated in enhancing IoT cybersecurity through multiple other initiatives, such as the
Cloud Security Alliance, Matter and NIST standards development.
Cyber Defense eMagazine – October 2023 Edition 153
Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.
