Dive Brief:
- The Federal Communications Commission voted to create a long-anticipated U.S. Cyber Trust Mark program that will provide a label for smart products on the consumer market that meet robust cybersecurity standards.
- The voluntary program will allow makers of Internet of Things products — ranging from home security cameras to baby monitors and internet-connected appliances — to submit their products for testing and evaluation under third-party administrators.
- The FCC will seek public comment on additional proposed disclosure requirements, including whether certain software and firmware is made in countries that pose a security risk to the U.S.
Dive Insight:
The U.S. Cyber Trust Mark program is considered a key component of the Biden administration’s national cybersecurity strategy.
The administration has taken numerous steps in recent years to strengthen the nation’s cyber resilience following the 2020 supply chain attacks linked to state-sponsored hackers and the 2021 ransomware attack against Colonial Pipeline.
Connected technologies are widely used by consumers and businesses, with some third-party estimates showing more than 25 billion devices will be in use by 2030, according to the FCC. The FCC also cited third-party data indicating more than 1.5 billion attacks took place against IoT products during the first six months of 2021.
“Our expectation is that over time more companies will use the Cyber Trust Mark — and more consumers will demand it,” FCC Chair Jessica Rosenworcel said in a statement Thursday. “This has the power to become the worldwide standard for secure Internet of Things devices.”
The program approval arrives during a period of increased concerns about IoT security, as threat groups like Volt Typhoon have exploited vulnerabilities in edge devices in a larger campaign to potentially spread destructive attacks against critical infrastructure providers in the U.S.
Federal authorities in January disrupted KV Botnet, in which hackers put malware onto hundreds of small office/home office routers.
Some experts remain skeptical about whether a voluntary program will have enough teeth to truly create incentives to move the needle on consumer device security.
“We have seen this with other voluntary guidance across critical infrastructure,” Patrick Gillespie, OT lead at GuidePoint Security, said via email. “Without distinct requirements being imposed on manufacturers, the security of IoT devices will remain as they are today — insecure.”