IoT Security Reinforcement: White House Introduces Labelling Initiative for Consumers
The Federal Communications Commission (FCC) has announced the launch of a voluntary labeling program called the U.S. Cyber Trust Mark. This initiative aims to help consumers identify Internet of Things (IoT) devices that meet baseline cybersecurity standards, thereby increasing transparency and trust in smart home and IoT products.
The program focuses on smart home devices and other consumer IoT products that use wireless communication technologies, often operating in ISM bands like 2.4 GHz and 5 GHz. Devices that meet the cybersecurity standard criteria will receive a U.S. Cyber Trust Mark label.
Key aspects of the program include voluntary certification, a focus on security baselines, consumer transparency, and targeted devices. Manufacturers can choose to obtain the Cyber Trust Mark to demonstrate that their devices comply with the FCC’s baseline cybersecurity requirements for wireless consumer IoT devices. The label is intended as a visible sign to consumers that the product has undergone security assessment.
The mark indicates that the product meets certain cybersecurity standards designed to reduce vulnerabilities common in IoT devices, such as weak passwords, insecure firmware updates, and other risks. The label may include QR codes or other mechanisms to give buyers easy access to security information about the device.
The FCC will create a QR code that links to a registry of certified smart home devices, providing clear information about the cybersecurity of IoT devices. The program aligns with broader IoT cybersecurity improvement efforts at federal and state levels, such as the IoT Cybersecurity Improvement Act and California's IoT security law.
In addition, the National Institute of Standards and Technology (NIST) will publish specific criteria for the program, including criteria for strong and default passwords, data protection, software updates, and incident detection. The Biden administration considers an Energy Star type of consumer labeling program a key part of an effort to strengthen the nation's cyber infrastructure.
The program aims to complement existing regulatory frameworks by promoting baseline cybersecurity hygiene and encouraging manufacturers to improve device security voluntarily before potential mandatory regulations take effect. The FCC plans to work with the Department of Justice on oversight and enforcement safeguards.
Information security experts consider it critical to better secure home-based networks, especially with millions of U.S. workers operating from home office environments. In recent months, the China-linked Volt Typhoon campaign against U.S. critical infrastructure providers involved the compromise of vulnerable home routers and SOHO networks. Home routers and other IoT devices have become more targets of malicious attacks in recent years.
The U.S. Cyber Trust Mark is expected to be rolled out by late 2024, subject to public comment. The program is part of a larger plan to develop a safer grid, as the Department of Energy is unveiling a program to develop cybersecurity labeling for smart meters and power inverters. The Biden administration has unveiled a consumer labeling plan to strengthen the cybersecurity of smart home devices, with more than 1.5 billion attacks made against IoT devices during the first half of 2021. It is estimated that more than 25 billion IoT devices will be in circulation by 2030.
The program, if adopted, could significantly enhance the cybersecurity of consumer IoT devices, providing a visible sign of security compliance for manufacturers and a valuable tool for consumers to make informed decisions about their smart home and IoT purchases. The U.S. Cyber Trust Mark is a step towards a safer and more secure connected future.
- To address the rising threat of cyber attacks on home routers and IoT devices, the U.S. Cyber Trust Mark program aims to provide a visible sign of security compliance for manufacturers, serving as a valuable tool for consumers to make informed decisions about their smart home and IoT purchases.
- The National Institute of Standards and Technology (NIST) will publish criteria for the U.S. Cyber Trust Mark program, focusing on aspects such as strong and default passwords, data protection, software updates, and incident detection, which are crucial for enhancing data-and-cloud-computing security in the technology-driven era.
