The Federal Communications Commission (FCC) is seeking public comment on a proposal to create a voluntary cybersecurity labeling program that would provide consumers with clear information about the security of their smart devices.
White House unveiled the “U.S. Cyber Trust Mark” last month – a program that will label cyber-secure smart devices with a shield logo and help Americans more easily choose devices that are less vulnerable to cyberattacks.
The logo will also feature a QR code that can provide more information on the smart products. Some of these common products include smart fitness trackers, baby monitors, refrigerators, microwaves, televisions, home thermostats, and more.
The U.S. Cyber Trust Mark will label products based on cybersecurity criteria published by the National Institute of Standards and Technology, such as requiring unique and strong passwords, data protections, software updates, and incident detection capabilities.
The FCC’s program would be similar to the Energy Star program, which was created to help consumers identify energy-efficient appliances and encourage more companies to produce them in the marketplace – but for more cybersecure smart devices.
“There are now so many new devices – from smart televisions and thermostats to home security cameras, baby monitors, and fitness trackers – that are connected to the internet. These technologies provide huge benefits because they can make our lives easier and more efficient. But this increased interconnection brings more than just convenience; it brings increased security risk,” said FCC Chairwoman Jessica Rosenworcel, who first proposed the program.
“That is why the Commission is proposing to put in place the first-ever voluntary cybersecurity labeling program for connected smart devices: The U.S. Cyber Trust Mark. Just like the ‘Energy Star’ logo helps consumers know what devices are energy efficient, the Cyber Trust Mark will help consumers make more informed purchasing decisions about device privacy and security,” she added.
The notice of proposed rulemaking – published on Aug. 10 – seeks to leverage the significant public and private sector work already underway on smart device cybersecurity and labeling, and it emphasizes the importance of continued partnership.
The proposal poses questions about how to create the most effective program, inviting public comment on issues including:
- The scope of devices or products for sale in the U.S. that should be eligible for inclusion in the labeling program;
- Who should oversee and manage the program;
- How to develop the security standards that could apply to different types of devices or products;
- How to demonstrate compliance with those security standards;
- How to safeguard the cybersecurity label against unauthorized use; and
- How to educate consumers about the program.
“With this notice we seek input on how best to establish this voluntary labeling program, the scope of eligible devices, the mechanics of managing this program, how to further develop standards that could apply to different kinds of devices, how to demonstrate compliance with those standards, and how best to educate consumers,” Rosenworcel said.
“That is not a small task. But it’s worth it,” she continued. “Because the future of smart devices is big and the opportunity for the United States to lead the world with a global signal of trust is even greater.”
After the FCC evaluates the public input from the proposed rule, it expects the new cybersecurity labeling program to be up and running by late 2024.