US Cyber Trust Mark, friend or foe?​​

​

Following on from the UK’s recent Product Security and Telecommunications Act 2022 (PSTI), the US Cyber Trust Mark announced by the Biden-Harris Administration back in July 2023 is expected to be enforced towards the end of 2024, bring with it the new cybersecurity standards for connected device manufacturers, we ask Iain Davidson, Senior Product Manager, Wireless Logic will this add yet another layer of security (or confusion) for IoT?

“Hot on the heels of the UK PSTI Act, the US Cyber Trust Mark is a timely addition to the growing body of regulations aimed at enhancing the security of connected devices.  It’s encouraging to see the industry’s collaborative efforts to tackle current and future IoT security threats by establishing robust standards that span the entire product lifecycle.  There is a strong commitment to fostering a proactive, ‘secure-by-design’ culture, significantly reducing the burden on end users to ensure device security.”
 
“However, these new regulations introduce a layer of complexity for device manufacturers.  As guidelines evolve and differ across regions, companies with global operations will face challenges making sense of it all in a bid to remain compliant.  With the NIS 2 Directive, the UK’s Code of Practice for Consumer IoT Security and the Cyber Resilience Act, the landscape is becoming increasingly complicated.  Although many of these regulations reference the ETSI EN 303 645 standard, there are growing concerns about how each regulation will be enforced and the specific territorial requirements that need to be met.  It’s important to recognize that these developments are just the beginning.  We can expect further legislative shifts as regulators continue to evaluate these measures and refine the IoT security landscape in their respective regions.  It’s important to stay vigilant and adaptable to keep pace with this evolving environment.”

“It looks like we’re seeing a gradual shift towards universal standards for connected device security.  While this approach is great in theory, implementing it globally will be tricky due to varying international laws and compliance requirements.  Therefore, device manufacturers must take greater accountability, ensuring they meet existing requirements while staying informed about sector-specific standards and incoming legislation.  Adopting a 360-degree approach to security is essential to manage the complexities of international compliance and contribute to a more secure IoT ecosystem.”