The Federal Communications Commission recently voted on and approved moving forward with the creation of the U.S. Cyber Trust Mark Program, a voluntary cybersecurity labeling program for Internet of Things (IoT) products. First introduced in July 2023, the U.S. Cyber Trust Mark Program is intended to help consumers make “informed purchasing decisions” by identifying qualified smart product that meets robust cybersecurity standards with a clear mark – similar to the ENERGY STAR program administered by the U.S. Environmental Protection Agency.
The FCC notes that the program will also help to differentiate product by identifying it as more trustworthy. In addition, the agency said it plans to create incentives for manufacturers to meet higher cybersecurity standards.
In a statement on the approval of the new program, the FCC expanded on the framework of the U.S. Cyber Trust Mark and next steps to get the program off the ground. The agency explained that the program will “rely on public-private collaboration, with the FCC providing oversight and approved third-party label administrators” to manage things like evaluating product applications, authorizing use of the label and consumer education. Compliance testing, the FCC said, will be handled by accredited labs.
The agency also provided some clarity around the types of product that will be eligible to receive the mark. They include home security cameras, voice-activated shopping devices, internet-connected appliances, fitness trackers, garage door openers and baby monitors.
“This mark is a step in the right direction,” Eric Sindelar, Nationwide’s director of connected services, said of the program when it was first announced. “The average IoT user probably doesn’t realize that their system can be accessed through Wi-Fi devices such as thermostat, a doorbell camera or smart TVs. Synopsys researchers found at least one open-source vulnerability in 84 percent of code bases, an entry point for hackers.”
According to some estimates, there were more than 1.5 billion attacks on IoT devices during the first half of 2021 alone. And with more than 25 billion IoT devices expected to be in use by 2030, it’s clear that consumers need to be confident that they’re installing product in their home that is safe and secure.
And, to that end, CEDIA – the association that advocates on behalf of the custom integration industry – reiterated the importance of the smart home professional in ensuring consumers properly attach and secure those products to their home networks.
“Beyond establishing a U.S. Cyber Trust Mark program … it will be vital that consumers continue to work with qualified smart home professionals (‘integrators’) to provide technology systems solutions in the home,” the association said in a filing to the FCC in December. “Integrators, the professionals who install, configure, and integrate the technology ecosystem, have extensive knowledge of technology-solutions for the home that can materially advance both security and cybersecurity.”
More information on the U.S. Cyber Trust Mark Program is available on the FCC website.
This article was first published on the Independent Thinking blog.