FCC proposes voluntary cybersecurity labeling program

July 20, 2023

According to a July 18 press release, Federal Communications Commission (FCC) Chairwoman Jessica Rosenworcel unveiled a new proposal to create a voluntary cybersecurity labeling program. The program aims to provide consumers with transparent information about the security of their internet-enabled devices.

The release says that “The proposed program—where qualifying products would bear a new U.S Cyber Trust Mark—would help consumers make informed purchasing decisions, differentiate trustworthy products in the marketplace, and create incentives for manufacturers to meet higher cybersecurity standards.”

Further, “The draft proposal, called a Notice of Proposed Rulemaking (NPRM), outlines a voluntary cybersecurity labeling program that would be established under the FCC’s authority to regulate wireless communications devices based on cybersecurity criteria developed by the National Institute of Standards and Technology (NIST). If the proposal is adopted by a vote of the Commission, it would be issued for public comment, and could be up and running by late 2024.”

The proposal is looking for input on issues such as the scope of devices for sale in the U.S. that should be eligible for the labeling program, who should oversee and manage the program, how to develop security standards for different types of devices, how to demonstrate compliance, and more. Additionally, the Commission announced the proposed U.S. Cyber Trust Mark logo that is pending a certification mark approval by the U.S. Patent and Trademark Office. The logo would appear on packaging next to a QR code that consumers would be able to scan for further information.

“There are a wide range of consumer Internet of Things (or “IoT”) products on the market that communicate over networks,” the release adds. “These products are made up of various devices, and are based on many technologies, each of which presents a set of security challenges. According to one third party estimate, there were more than 1.5 billion attacks against IoT devices in the first six months of 2021 alone. Others estimate that there will be more than 25 billion connected IoT devices in operation by 2030. The proposal announced today builds on the significant public and private sector work already underway on IoT cybersecurity and labeling, emphasizing the importance of continued partnership so that consumers can enjoy the benefits of this technology with greater confidence in and knowledge of their devices’ security.”

Chairwoman Rosenworcel was quoted in the release saying that “Smart devices make our lives easier and more efficient—from allowing us to check who is at the front door when we’re away to helping us keep tabs on our health, remotely adjust the thermostat to save energy, work from home more efficiently, and much more. But increased interconnection also brings increased security and privacy risks. Today I am proposing that the FCC establish a new cybersecurity labeling program so that consumers will know when devices meet widely accepted security standards. This voluntary program, which would build on work by the National Institute of Standards and Technology, industry, and researchers, would raise awareness of cybersecurity by helping consumers make smart choices about the devices they bring into their homes, just like the Energy Star program did when it was created to bring attention to energy-efficient appliances and encourage more companies to produce them in the marketplace.”

FCC has the press release.

Photo 284411646 | Ai Healthcare © Yuri Arcurs | Dreamstime.com
557322636 © 2ragon | stock.adobe.coom
Photo 197965296 © Ratz Attila | Dreamstime.com
Photo 99172901 © Mohamed Ahmed Soliman | Dreamstime.com
Photo 119267022 | Healthcare © Oleg Dudko | Dreamstime.com