The Federal Communications Commission on Thursday voted to create a voluntary cybersecurity labeling program for Internet of Things (IoT) devices and other consumer products that rely on Internet connectivity.
The vote checks a key element of the Biden administration's overall effort to label smart devices such as fitness trackers, garage door openers and thermostats to help consumers buy products that are less susceptible to cyberattacks. It is something.
Smart products that meet certain cybersecurity standards and are subject to the rules will receive a label similar to the ENERGY STAR mark, which indicates that the product is energy efficient. The FCC finalized the program last August after soliciting public comments on how to develop the rules. According to the agency, compatibility testing of equipment will be carried out by accredited laboratories.
The FCC will now discuss how certain software products developed in hostile countries may pose a national security risk to the United States, and how customer data collected by those products may pose a national security risk. We also plan to seek feedback from the public on whether the connection will work. Last month, the White House announced a related executive order regarding data transfers to countries of concern.
FCC Chairwoman Jessica Rosenworcel said companies on the commission's “Target List,” which designates internet and communications providers deemed dangerous to U.S. national security, include CyberTrust. They say they don't deserve the label known as a mark.
“How do we make sure the everyday connections in our home are secure?” she said. “These are the right questions to ask, because this increased connectivity brings more than convenience. It brings cyber vulnerabilities,” Rosenworcel added. “Ultimately, every device connected to the internet is a gateway to the types of attacks that can steal our personal data and make us less secure.”
This logo will be displayed along with a QR code on IoT products that meet baseline cyber standards, allowing users to scan detailed information about the product's security features. This data may include the product's minimum security support period and whether the manufacturer automatically releases updates and patches. As part of the effort, the National Institute of Standards and Technology also developed basic cyber standards for consumer products.
The Consumer Technology Association applauded the move.
CTA CEO Gary Shapiro affirmed the voluntary IoT Cybersecurity Labeling Program, which builds on NIST's efforts to recognize the need for international coordination and the importance of educating consumers about labels. We are pleased to do so,” CTA CEO Gary Shapiro said in a statement. Nextgov/FCW.
Ann Neuberger, Deputy National Security Advisor for Cybersecurity and Emerging Technologies, announced at the CES conference in January that the European Union has signed on to the labeling system.
The labeling program is one of several sweeping steps taken by the Biden administration focused on strengthening U.S. cyber defenses and improving the cyber posture of industries overseen by federal agencies. . These include strict directives requiring offices to report cyber incidents in a timely manner, protect critical infrastructure, and develop methods to eliminate hackers.
Citing an anonymous external study, the FCC announced that approximately 1.5 billion attacks were launched against IoT devices in 2021. The Federal Communications Regulatory Authority added that it is estimated that more than 25 billion IoT products will be in use by the end of 2010.