Impending US cyber trust mark adds another layer of security (or confusion) for IOT? – Wireless Logic Comments
June 2024 by Iain Davidson, senior product manager at Wireless Logic
The Biden-Harris Administration announced it would be launching the US Cyber Trust Mark back in July 2023, calling for stricter measures to protect end users. While an exact date hasn’t been confirmed, it is expected that the legislation will be enforced towards the end of this year. From there, connected device manufactures will be required to meet new cybersecurity standards and display a sticker on their products to confirm these standards have been met. This follows the UK’s recent Product Security and Telecommunications Act 2022 (PSTI), adding another layer to IoT-security.
Iain Davidson, senior product manager at Wireless Logic, maps the current IoT-security landscape:
“Hot on the heels of the UK PSTI Act, the US Cyber Trust Mark is a timely addition to the growing body of regulations aimed at enhancing the security of connected devices. It’s encouraging to see the industry’s collaborative efforts to tackle current and future IoT security threats by establishing robust standards that span the entire product lifecycle. There is a strong commitment to fostering a proactive, ‘secure-by-design’ culture, significantly reducing the burden on end users to ensure device security.
“However, these new regulations introduce a layer of complexity for device manufacturers. As guidelines evolve and differ across regions, companies with global operations will face challenges making sense of it all in a bid to remain compliant. With the NIS 2 Directive, the UK’s Code of Practice for Consumer IoT Security and the Cyber Resilience Act, the landscape is becoming increasingly complicated. Although many of these regulations reference the ETSI EN 303 645 standard, there are growing concerns about how each regulation will be enforced and the specific territorial requirements that need to be met. It’s important to recognise that these developments are just the beginning. We can expect further legislative shifts as regulators continue to evaluate these measures and refine the IoT security landscape in their respective regions. It’s important to stay vigilant and adaptable to keep pace with this evolving environment.
“It looks like we’re seeing a gradual shift towards universal standards for connected device security. While this approach is great in theory, implementing it globally will be tricky due to varying international laws and compliance requirements. Therefore, device manufacturers must take greater accountability, ensuring they meet existing requirements while staying informed about sector-specific standards and incoming legislation. Adopting a 360-degree approach to security is essential to manage the complexities of international compliance and contribute to a more secure IoT ecosystem.”