U.S. Government Advances Plan for Cybersecurity Labeling Program For Smart Products

Published: February 23, 2024

U.S. Cyber Trust Mark Program would help consumers make informed purchasing decisions and encourage manufacturers to meet higher cybersecurity standards

The Federal Communications Commission (FCC) is schedule on March 14 to create a voluntary cybersecurity labeling program for wireless consumer IoT products.

Under the program, qualifying consumer smart products meeting cybersecurity standards would bear a label—including a new “U.S Cyber Trust Mark”—that would help consumers make informed purchasing decisions, differentiate trustworthy products in the marketplace, and create incentives for manufacturers to meet higher cybersecurity standards.

Eligible products may include home security cameras, voice-activated shopping devices, internet-connected appliances, fitness trackers, garage door openers, and baby monitors.

RFID Journal Live

Addressing Security Concerns

The program comes as consumer IoT products on the market that communicate over wireless networks continues to grow. These products are made up of various devices, and are based on many technologies, each of which presents its own set of security challenges.

“Smart products can make our lives a lot more convenient, but they can…pose security and privacy risks,” said Chairwoman Jessica Rosenworcel in a press statement Feb. 21.

“This program would make it easier for consumers to choose more secure smart products for their homes, encourage companies to meet higher cybersecurity standards, and strengthen the ecosystem for connected products.”

Program Details

The program rules to be voted upon by the full commission include:

  • The U.S. Cyber Trust Mark logo, which would appear on wireless consumer IoT products that meet baseline cybersecurity standards;
  • The logo would be accompanied by a QR code that consumers can scan for details about the security of the product, including the guaranteed minimum support period for the product and whether software patches and security updates are automatic;
  • The voluntary program would rely on public-private collaboration, with the FCC providing oversight and approved third-party label administrators managing activities such as evaluating product applications, authorizing use of the label, and consumer education; and
  • Compliance testing handled by accredited labs.

The move from the FCC comes as there were more than 1.5 billion attacks against IoT devices in the first six months of 2021 alone, according to one third party estimate. Others estimate that there will be more than 25 billion connected IoT devices in operation by 2030.

Public, Private Partnership

The cybersecurity labeling program builds on the public and private sector work already underway on IoT cybersecurity and labeling, emphasizing the importance of continued partnership so that consumers can enjoy the benefits of this technology with greater confidence and trust, according to FCC officials.

Last August, the commission proposed and sought comment on developing the voluntary cybersecurity labeling program for IoT.  The program that will be voted on next month was developed based on that record. The proposed new rules are posted here

“Just as the ENERGY STAR program educated the public and created incentives for manufacturers to offer more energy-efficient appliances, our cybersecurity labeling program would pave the way to do the same with smart products,’ said Rosenworcel.