Cyber Trust Mark: The Definitive Guide to IoT Security

In July 2023, the White House introduced the U.S. Cyber Trust Mark, a voluntary cybersecurity certification and labeling program that aims to elevate the level of cybersecurity across connected devices in the United States. This move comes at a time when the Internet of Things (IoT) market is experiencing exponential growth, which can be attributed to its adoption across sectors, including manufacturing, automotive, healthcare, and logistics, in addition to its ubiquity in consumer products. IoT devices are enriching daily life and enabling greater efficiency and productivity, but they also create new risk exposures.

Historically, cybersecurity software has been viewed as separate from product design. Oftentimes, IoT device security testing occurs late in the design stage, which can lead to unidentified gaps in production and vulnerabilities in the product. The largest challenge in IoT security, however, is the devices themselves. IoT devices often rely on unknown operating systems with unknown libraries and revisions that are accompanied by a host of equally unknown vulnerabilities. By contrast, traditional devices like laptops and computers use well-established, universal operating systems where the vulnerabilities are well-understood, cataloged, and recorded.

As IoT devices become more important in both consumer and professional settings, millions, if not billions, of new endpoints, and vulnerabilities, are coming online. As a result, the already staggering US$3 trillion global cost of cybercrimes is predicted to exceed US$10.5 trillion in 2025, according to an eSentire report published in 2022. Individuals and businesses alike recognize the significant impact that cybersecurity has on their financial stability, and their buying behaviors reflect this change. Companies that invest in designing devices with robust cybersecurity will find high returns on their security spend as customers become savvier and more security-conscious.

Participation also makes good business sense. In a survey conducted by McKinsey, 60% of IoT buyers cited trusted cybersecurity as a critical aspect of IoT solutions. Thirty-one percent of enterprise IoT buyers cited cybersecurity as the leading impediment to smart device adoption, with most of those indicating that they would invest more heavily in IoT with strengthened security. Device manufacturers that respond to this shifting demand voluntarily will find their efforts rewarded with higher profit margins and stickier clients.

The US Cyber Trust Mark program, which is expected to roll out in 2024, aims to establish baseline IoT device cybersecurity, strengthen the security of smart devices, and protect the privacy of their users. It is one of several similar regulatory proposals introduced internationally, like the European Union’s (EU) Cyber Resilience Act. The newly announced American program and others like it are working with device manufacturers and standards bodies to develop standard baseline cybersecurity and data privacy requirements that all meet or exceed.