Federal Communications Commissioner Simington Calls For Robust US Cyber Trust Mark

The premise of the US Cyber Trust Mark is simple. As a device manufacturer, you certify that your device meets a list of cybersecurity criteria, such as that you use modern secure communications protocols and implement secure authentication, and in exchange, you get to put a flashy US Cyber Trust Mark logo on your packaging and sales materials, effectively an endorsement from the federal government of the security of your product. In addition to the moral and persuasive authority of the federal government on such issues, the true value of the mark will probably come from organizations, including the federal government itself, adopting the mark as a requirement for their procurement of connected devices. But for the mark to truly transform the security landscape, rather than just add another bureaucratic requirement to already convoluted and wasteful procurement policies, the program needs to be designed correctly. First, the program cannot merely be a checklist of specific security features that a product must have. If security could be reduced to a list of criteria, then it wouldn’t be such a continuing problem. Second, the goal should not be to hand out as many cyber trust mark certifications as possible. Third, receiving the US Cyber Trust Mark should not give a manufacturer a shield from liability.