A new labeling program for smart devices from the National Institute of Standards and Technology (NIST) has received the official green light from the White House, and is set to roll out in 2024. The U.S. Cyber Trust Mark is roughly comparable to the Energy Star program in providing consumers with at-a-glance information about product safety.
Like Energy Star, the program is also voluntary and will require ongoing effort to convince manufacturers and retailers to add Cyber Trust Marks to products and make consumers aware of them. Some major companies have already pledged their support, but it remains to be seen whether the program can match Energy Star’s effectiveness.
QR code labels will provide consumers with more information about smart devices
As it stands, the Cyber Trust Mark program will most likely communicate to consumers via a scannable QR code that provides detailed information about the security status of smart devices: how long the device will be supported with updates for, security protocols or technologies it implements, and so on.
Critics already see potential problems with program adoption. One is that it is still not entirely clear exactly what each of these “nutrition labels” will contain; the initiative has been sent back to the FCC to be finalized over the remainder of 2023. There is also the issue of requiring the scanning of a QR code to receive the full range of information, something consumers may not want to do (or even be able to do if they are not carrying a smartphone).
The Cyber Trust Mark does represent at least a first attempt by the US government at improving the generally sorry state of security in home and office smart devices, however. Ideally, consumers will also be able to easily look up the security features and status of devices that are already on the market and in their property, but it is not clear if the FCC will prompt manufacturers to do any retroactive labeling.
Such an effort would be very helpful, as it seems almost inevitable that products that opt for the Cyber Trust Mark will end up being priced at least a little higher than they are at present. This could push consumers to stick with what they already have for longer, if these price increases tend to be common across the market.
It is also not yet clear if Cyber Trust Mark will be accompanied by an awareness program to help consumers understand why these security features are important and exactly what the risks of using smart devices are. There is still broad sentiment among less tech-savvy consumers that things like a smart refrigerator or light don’t need to be secured, due to lack of awareness of how these touchpoints can be used for broader compromise of any network the devices are connected to.
Cyber Trust Mark captures early supporters in big tech, but has no enforceable terms
Big names such as Google, Amazon, Samsung and Best Buy are already on board with the Cyber Trust Mark plan. But the system presently has no real means of enforcing standards on its participants, in terms of requiring them to implement certain security improvements in their smart devices.
By comparison, the Energy Star program has managed to persist for a little over 30 years now and has signed up nearly 2,000 appliance manufacturers and about 1,200 businesses at the retail end. Cyber Trust Mark has some big names under its belt already, but will need much more than the roughly 20 current participants to have a similar impact.
More details will be forthcoming from the FCC as 2023 continues along its back half. The current plan for the Cyber Trust Mark is a shield with a microchip in the middle of it, though this too might change by the time the program is finalized.