Mar 20, 2024The Federal Communications Commission (FCC) voted on March 14 to create a voluntary cybersecurity labeling program for wireless consumer Internet of Things (IoT) products.
Under the program, qualifying consumer smart products that meet cybersecurity standards will bear a label—including a new U.S Cyber Trust Mark—that will help consumers make informed purchasing decisions, differentiate trustworthy products in the marketplace, and create incentives for manufacturers to meet higher cybersecurity standards.
According to FCC officials, the cybersecurity labeling program builds on the public and private sector work already underway on IoT cybersecurity and labeling, emphasizing the importance of continued partnership so that consumers can enjoy the benefits of this technology with greater confidence and trust.
Chairwoman Rosenworcel
Eligible products may include home security cameras, voice-activated shopping devices, internet-connected appliances, fitness trackers, garage door openers, and baby monitors.
FCC chairwoman Jessica Rosenworcel said in her statement during the commission’s meeting that the IoT program should be viewed along the same lines the Energy Star logo helps consumers know which devices are energy efficient.
“The cyber trust mark will help us make informed choices about the security and privacy of internet of things products we bring into our homes and businesses,” said Rosenworcel. “Our expectation is that over time, more companies will use the cyber trust mark and more consumers will demand it. This has the power to become the worldwide standard for secure internet of things devices.”
New Rules
The rules and framework for the program, first offered in August 2023, that were adopted include:
- The U.S. Cyber Trust Mark logo initially appearing on wireless consumer IoT products that meet the program’s cybersecurity standards.
- A QR code consumers can scan for easy-to-understand details about the security of the product, such as the support period for the product and whether software patches and security updates are automatic.
- The voluntary public-private collaboration program having the FCC providing oversight and approved third-party label administrators managing activities such as evaluating product applications, authorizing use of the label, and consumer education.
- Compliance testing handled by accredited labs.
The commission continues to seek input on additional potential disclosure requirements, including whether software or firmware for a product is developed or deployed by a company located in a country that presents national security concerns and whether customer data collected by the product will be sent to servers located in such a country.
Growing IoT Industry
According to one third party estimate, there were more than 1.5 billion attacks against IoT devices in the first six months of 2021 in a market that is expected to grow to more than 25 billion connected IoT devices in operation by 2030.
Commission members said the cybersecurity labeling program builds on the public and private sector work already underway on IoT cybersecurity and labeling, emphasizing the importance of continued partnership so that consumers can enjoy the benefits of this technology with greater confidence and trust.
Rosenworcel noted “to get to this point, we know we need to work with our federal partners, manufacturers, retailers, and cybersecurity groups. We are ready to do just that.”
“This is no small task,’ she added. “But it’s worth it. Because the future of smart devices is big and the opportunity for the United States to lead the world with a global signal of trust is even greater. I…look forward to seeing the Cyber Trust Mark in the marketplace.”
Key Takeways
- The U.S. Cyber Trust Mark logo initially appearing on wireless consumer IoT products that meet the program’s cybersecurity standards.
- The cybersecurity labeling program builds on the public and private sector work already underway on IoT cybersecurity and labeling,
