White House’s Plan to Label Security 

Very similar to the Energy star program, which labels energy efficiency, the White House is introducing the Cyber Trust Mark! It was announced last year in July 2023 and plans to fully rollout by the holiday season of 2024. If successful the initiative will help people know at a glance just how seriously the products they buy are protected from attack.

These symbols will be placed on products of partner companies which have met the security standards of the National institute of Standards and Technology (NIST). With the proliferation of smart devices and the rise of cyber threats, companies need to meet a lot of different standards on numerous different products to ensure security for them all. It can be difficult or expensive to do this, and many companies follow their own rules. Often lowering standards to reduce costs.

To standardize security guidelines, NIST developed standards for the public to follow. NIST advocates their guidelines as the baseline required for device safety. Devices/companies which skirt the regulations or fail to adhere to those standards are extremely vulnerable to simple intrusion methods.

To address the issue of consumer awareness and standardization of security practices we have the Trust Mark. The White House and the FCC are offering a voluntary partnership to willing companies. Once accepted into the initiative companies are pledging that the products which bear this mark are created following all the best practices of security listed by NIST. It's not a guarantee that you're completely safe, but it does mean that the FCC backs the companies claim of security on their devices.

Want to stay up to date and learn more about Cybersecurity? Subscribe for free to receive updates weekly.

So What Will This Do For Your Security?

Well, This mark will make it clear which products are made following the NIST Cybersecurity Framework. Not only that, the symbol will be displayed near a QR code which links to a registry of certified devices. This registry will contain all you need to know on the product you are buying and how it compares to others of a similar type. This initiative primarily focuses on Internet of things (IoT) and the registry could help you pick which one suits your security preferences.

IoT devices or smart devices are increasingly common in the home. Everything from smart fridges to Alexa’s or motion sensors are connected to the internet. Believe it or not, many of these devices are targets of malicious actors. Some more at risk than others, but all can be an entry point into your home network. Any entry point is a threat to your personal information and should be taken seriously.

The program also hopes to encourage a sort of standardization of security practices for companies leading to less vulnerabilities. This will not stop you from getting hacked though. Most breaches of security come in the form of social engineering, such as phising, scams or malicious links. You will still have to guard against that. But with the Trust Mark you can be sure that known vulnerabilities in hardware and software have been addressed according to best practices.

If this program launches successfully, consumers can be on the lookout for the Cyber Trust Mark symbol to start popping up in stores. I would likely not buy a product which has either opted out or ignored the the program. The NIST is very dedicated and the standards they require are effective and well researched baselines of cybersecurity. Many of their guidelines should be standard practice for all internet connected devices. Devices that do not meet these standards are at significant risk in the modern threat environment. There are any number of small every day actions which could lead you to getting hacked, the last thing you want is a poorly configured device making things worse by leaving the door open.