Manufacturers of consumer IoT and smart devices will soon be able to apply for the U.S. Cyber Trust Mark, a new U.S. government initiative designed to improve the cybersecurity of connected devices.
It’s unclear what impact this will have on the custom home installation industry, but the cybersecurity of smart home devices has long been an issue, with IoT devices being among the most difficult to secure due to a lack of baseline cybersecurity standards. This program, however, aims to change that.
The U.S. Cyber Trust Mark is a cybersecurity certification and labeling program that was piloted in July 2023 by the Federal Communications Commission (FCC) to help consumers identify smart devices that meet established cybersecurity standards.
Similar to the ENERGY STAR program for energy-efficient appliances, this initiative aims to enhance consumer confidence in the security of Internet of Things (IoT) devices and encourage manufacturers to adopt higher cybersecurity measures.
Following a feedback round stretching from August 2023 to March 2024 when the FCC finally approved the program, the Cyber Trust Mark program has now officially launched with UL Solutions acting as the lead administrator for the program.
Lightapalooza took place in late February, and the growth of the event has mirrored the rapid ascension lighting fixtures and controls.
As smart devices become increasingly integrated into daily life, concerns about their vulnerability to cyber threats have grown. The U.S. Cyber Trust Mark addresses these concerns by providing a clear indication that a device complies with specific cybersecurity criteria, enabling consumers to make informed purchasing decisions.
Recent research suggests that the IoT cybersecurity landscape is fraught with issues. According to research from NETGEAR and its partner for cybersecurity offerings Bitdefender, there are 21 connected devices per household globally, and home network devices see an average of 10 attacks every day, the companies claim. The majority of incidents are botnets, in which attackers compromise devices and use them to send traffic to overwhelm systems in what is known as a DDOS (distributed denial-of-service) attack.
In addition to network devices like routers, smart TVs, streaming devices, smart plugs, DVRs and IP cameras are among the most targeted devices due to their popularity and amount of vulnerabilities discovered.
The program is voluntary and involves several key components, according to the FCC:
According to the FCC, a wide range of IoT devices will be eligible for the Mark, including home security cameras, voice-activated shopping devices, smart speakers, smart appliances, fitness trackers, garage door openers, and baby monitors.
However, many other devices will not be included, such as wired devices, medical devices regulated by the FDA, industrial devices, products used in national security environments, and others.
The FCC stresses that the program is currently focused on wireless consumer IoT products, which could rule out many products from manufacturers in the custom home installation space. However, that may change over time, the agency says.
Further, the program also does not currently include routers, but the FCC caveats that NIST is currently working to define cybersecurity standards for consumer-grade routers.
The program will adopt the criteria outlined by the National Institute of Standards and Technology (NIST), focusing on cybersecurity controls which should be implemented for security of the entire lifecycle of an IoT product and its associated services, according to UL Solutions, a testing lab that has been chosen as the program’s lead administrator.
The NIST IoT cybersecurity criteria cover various technical and nontechnical areas, including asset identification, product configuration, data protection, interface access control, software updates, cybersecurity state awareness, documentation, information and query reception, information dissemination and product education and awareness, according to UL Solutions.
The requirements, while not finalized or published, are expected to be similar to those outlined in NIST IR 8425. According to that document, devices should:
In addition, manufacturers will be required to be transparent about cybersecurity, respond to questions from consumers and other entities, and public timely information about product vulnerabilities, remediation guidance, and more.
Major retailers and manufacturers have expressed support for the initiative. In the consumer world, several popular and well-known manufacturers have signaled their support for the program, including Amazon, Google, Samsung, LG, and others. Best Buy has also said the electronics retailer will highlight products with the mark.
In the custom smart home world, CEDIA, Crestron, CSA, CTA, and other companies and organizations have also signaled their support for the program.
To ensure the program’s success, the FCC, in collaboration with stakeholders, plans to undertake consumer education efforts. These initiatives aim to familiarize consumers with the new label and its significance, helping them make informed choices about the cybersecurity of products they bring into their homes.
It is no secret that most end customers of CEDIA channel integrators are wealthy, important people that will likely be concerned about the security of their home networks and smart home devices. In fact, we’re seeing these issues play out in real time with well-known, wealthy professional athletes becoming targets of burglars that are using advanced technologies to bypass home security systems.
We’ve seen an increased emphasis on cybersecurity in recent years in this market, and new cybersecurity companies like SpecOp Secure have entered the CEDIA channel to improve smart home security. Anecdotally, integrators have increasingly said their customers are asking about cybersecurity.
While these developments are a step in the right direction, integrators and their customers are largely at the mercy of the design of the products they install. The ability to offer products with the Cyber Trust Mark could help establish more trust with security-minded customers.
The post 2024 Lighting Controls and Fixtures Report appeared first on CEPRO.