Shopping for IoT Devices? Look for the “Cyber Trust Mark” Stickers

This post is also available in: עברית (Hebrew)

The Federal Communications Commission launched a new label for IoT products that meet “robust cybersecurity standards” under their new US Cyber Trust Mark program. The mark is meant to help consumers make informed purchasing decisions and find trustworthy products while incentivizing manufacturers to meet higher cybersecurity standards.

The US Cyber Trust Mark logo will appear on wireless consumer IoT products that meet the program’s cybersecurity standards, including security cameras, voice-activated shopping devices, internet-connected appliances, fitness trackers, garage door openers, baby monitors, and many more. In addition to this mark, users will also have a QR code that leads them to easy-to-understand details about the security of the product, including the support period for the product and whether software patches and security updates are automatic.

While the FCC announced that Compliance testing will be handled by accredited labs, the program is voluntary and will rely on public-private collaboration. Experts are concerned by this since the program lacks enforcement and doesn’t oblige manufacturers to offer a minimum support period, potentially lulling users into a false sense of security.

According to Cybernews, the FCC compared the label to the “Energy Star” logo (marking energy efficient devices). “Our expectation is that over time more companies will use the Cyber Trust Mark – and more consumers will demand it,” said FCC Chairwoman Jessica Rosenworcel.

Commissioner Nathan Simington notes that device manufacturers and software developers disclaim all liability and warranties against failures, but the new label will require them to commit to a declared support period. “They will have to diligently identify critical vulnerabilities in their products and promptly release updates correcting them. Crucially, they will be prohibited from disclaiming these promises to the consumer,” explained Simington.

Estimates show that IoT devices were attacked more than 1.5 billion times in the first six months of 2021 alone, and Transforma Insights expects that by 2030, 25 billion connected devices will be in operation worldwide.