Consumer IoT is one of the fastest-growing environments for connected devices. The ‘smart home’ revolution has created hundreds of new connections within homes (e.g. digital assistants, smart plugs and switches, and more) and even outside of homes throughout properties, for example smart meters, connected landscaping systems, and home security tools.
Innovation must be balanced with security. Unfortunately, consumer IoT has faced myriad challenges in the form of lax security, unavailable patches for vulnerabilities, and standard passwords across a product class that consumers may not change once the device is set up at home. Each device connected to the internet adds to the growing attack surface and is a potential vulnerability if not secured.
In an effort to address these challenges, the Biden administration has collaborated with industry partners, including Armis, to release a new voluntary program. The program will encourage manufacturers to improve the security of their products and help consumers better understand the cybersecurity of these connected assets, so that they can make more informed purchasing decisions and better secure their environments.
What is the U.S. Cyber Trust Mark Program?
On July 18th, the White House announced the long-awaited IoT cybersecurity labeling initiative, the U.S. Cyber Trust Mark program. The program represents a new focus on strengthening IoT security for consumers. It provides cybersecurity guidance to manufacturers, encouraging them to harden their products and provide clear labeling on new products indicating their compliance with the program. The U.S. Cyber Trust Mark program will empower consumers to make educated decisions about their IoT security and encourage the growth of more robust smart device security overall.
A guiding component of this program is the concept of consumer knowledge. Marking compliant products gives consumers the knowledge to make critical security decisions about their homes and environments. The Cyber Trust Mark helps consumers make those choices, along with some other features: alongside the mark will be QR codes that lead to a registry of devices and display information about device security. Alongside the DOJ and other regulators, the commission will provide oversight and enforcement safeguards to maintain trust in the program and keep device security up to date. This commitment to keeping security current means that the U.S. Cyber Trust Mark won’t be a one-and-done badge of honor to put on a device; it indicates a continued commitment to ongoing security.
Why asset intelligence is key
In our role as a partner to the administration, Armis is enhancing the visibility and security posture of IoT devices deployed by the federal government, states, and enterprises and their alignment with the labeling scheme controls. Armis will continue to provide actionable asset visibility and threat intelligence on novel attack vectors for IoT/OT as part of our overarching mission to monitor the entire attack threat landscape. Armis will work with the administration and government partners, together with our ecosystem of partners, to inform future IoT security controls, measurability, innovations, and processes that can elevate security.
Our experience discovering and contextualizing devices across a broad spectrum of industries positions us to continue the vital work of defining the needs and standards of connected asset security. The renewed focus on consumer smart device security represents a critical turning point in recognizing the need for better protection and cybersecurity around connected assets across the board. We could not agree more: we have been emphasizing the critical nature of this protection, and we are fully here to support it.
With connected asset security top-of-mind, consumers extend this knowledge beyond the home to workplaces
On a broader scale, consumers having more knowledge about security and a greater ability to identify secure products also benefits the organizations that employ them. Over the last few years, work from home has evolved from a niche work option offered only to some employees to an extremely common option offered to some degree or another by a large percentage of employers. Additionally, flexible options that include some days at home are also increasingly common. Both options involve employees bringing corporate devices into their homes, into a space shared with potentially unsecured consumer devices. In these cases, the security of organizations is now inextricably linked with the security of their employees’ home environments. But better security practices at home will also transfer to physical workplaces across industries, as employees bring this education with them into various work environments and keep it in mind as new assets are brought online or old assets are disconnected from business networks.
Resources for continued education
At Armis, we know the critical nature of having full visibility and contextual, real-time insight when it comes to securing the attack surface. The White House’s new program is another great step in extending that security awareness and education to all Americans and encouraging better security measures across the globe.
As the experts, we’re always here to help provide further education on how to address the new extended attack surface that connected assets create, so that we can effectively balance innovation and security at home and at work.
For more resources related to securing the extended attack surface, please visit our blog to read the posts below:
- What is attack surface management and what role does CAASM play?
- How can you close the growing security gap between managed vs. unmanaged assets?
Interested in connecting to discuss further? Contact Armis here: https://www.armis.com/about/contact-us/