Cyber Trust: India Needs it Urgently

Remember the series of television ads that the Reserve Bank of India (RBI) brought out to promote security in monetary transactions and its own role in the governance process? They got our cricketers to provide little nuggets of information during actual matches, which went a long way in promoting digital payments and building awareness around payment frauds. 

If India’s growth story around eCommerce and other forms of digital engagements are to replicate this growth (supported by UPI payments), the country needs to bring forth a similar exercise to promote cyber safety. In fact, they could well take a leaf out of the United States where the Biden administration launched its cybersecurity labeling program. 

The much-touted and long-delayed program, which aims to protect Americans against security risks associated with Internet of Things (IoT) devices, has been named the US Cyber Trust Mark. Remember the ISI mark of yore in India? Well, this is something similar and would tell buyers that the devices they’re purchasing are well protected against cyber attacks. 

Importance of trust and diligence in digital

In a signed article published by the Hindu last December, Broadband India Forum’s T V Ramachandran noted that “a trusted internet is most essential for achieving a broader adoption of technologies, products and services.” Thus, an intelligence and agile internet governance embedded firmly in the minds of all stakeholders becomes crucial for the future, he adds. 

He notes that technology innovations such as 5G, VR, and AI have the internet at the backbone and digital transformation results in more automation of activities for enhanced efficiencies. All of this would have minimal human intervention but greater impact on society, which means there is a need for countries, industry and academia to work together to create trust in the system. 

US launches its own Cyber Trust Mark initiative

Which is exactly what the Biden administration is attempting to do now. It came out with a labeling system that will raise the bar for IoT security by informing buyers about the security credentials of the companies that make these products. The Cyber Trust Mark will be a distinct logo that will appear on products meeting the established standards. 

These standards were set up by the National Institute of Standards and Technology and contain several prerequisites for acquiring the trust markings. For e.g., devices need strong default passwords, provide regular security updates and share incident detection capability updates for the lifetime of the product. Of course, the full set of such norms are still in the making with the NIST set to resume work on defining standards around consumer grade routers, given the recent scare from hackers of Chinese origin. 

Singapore was among the earliest to take this route. On their website, Singapore’s cybersecurity agency says any organization, big or small, embarking on a digital journey or expanding on an already existing model are at risk. The program helps companies in Singapore better protect themselves in the digital domain and enhance their cybersecurity. 

What does the Cyber Trust Mark mean?

A published report in TechCrunch quoted the White House as confirming that the Cyber Trust Mark will also include a QR code that will link to a national registry of certified devices. It will also provide up-to-date security information on software update policies, data encryption and vulnerabilities as well as their solutions. 

Once the standards get set, the administration would also encourage retainers to prioritize labeled products, both in physical and digital stores. The report also noted that several companies including Amazon have already signed up for the initiative with companies such as Google, LG, Qualcomm and Samsung also agreeing to the voluntary labeling efforts. 

While IoT devices are still not considered daily use options in India, the government would do well to generate similar initiatives for existing products that use the internet as a medium for communications and transactions.