Q: What will the U.S. Cyber Trust Mark mean for nontechnical people?
A: Our appetite for smart gadgets in our homes has opened an attack vector for a variety of bad actors. Smart devices, such as TVs, thermostats, baby monitors, health monitors and security cameras can be vulnerable because they often incorporate weak security measures.
Estimates are that nearly 17 billion smart devices are now connected to the Internet around the world and are a huge target for hackers.
These devices pose risks to individual consumers and can be used in wide-scale cyberattacks on critical resources and infrastructure.
Hackers go after the weakest link; in this case, it’s all our Internet-connected smart gadgets.
A government initiative called the U.S. Cyber Trust Mark has been in the works since last year to encourage manufacturers to voluntarily provide more secure devices and offer consumers an easier way to identify them.
It will be much the same as Energy Star or Underwriters Laboratory badges that designate energy savings and safety measures.
The “mark” will be a small shield logo in five colors, and will appear on smart devices that meet certain security standards which have yet to be defined. It will be accompanied by a QR code that links to detailed information about the standards that the device is complying with.
The thought is that consumers can quickly research items on a shelf for security and privacy concerns before making a purchase.
The reason for the different colors is that devices with certain features — for example, a camera — pose different security and privacy risks than those without.
The current discussions cover things like eliminating default passwords, forcing longer and stronger passwords, regular software updates and secure firmware, which is the software that ultimately controls the capabilities of a piece of hardware.
The hope is that starting next year, this marking system will help consumers choose more secure smart devices that meet these standards.
One of the most important devices in your home is the router, which is what connects you to the Internet and shields the connected devices in your home.
If your router is compromised, a remote hacker could gain complete control over your entire network. A key focus of the Cyber Trust Mark is making sure complicated security measures don’t require nontechnical consumers to read manuals and figure it out on their own.
It’s no silver bullet
One of the risks of this program is that it could encourage users to gain a false sense of total security. Having a really strong password is useless if you use the same one everywhere or fall victim to sophisticated phishing scams that reveal your passwords.
This new program is one small layer that can help consumers be safer, but it shouldn’t be looked at as the ultimate security blanket.
You shouldn’t wait for this initiative to secure your own devices, especially if you’re still using easy-to-crack eight-character passwords or haven’t activated Multi-Factor Authentication on your existing accounts.
You can easily make your passwords more secure by doubling your existing eight characters to 16 and creating new ones if you haven’t done so in a couple of years.