FCC implements regulations for IoT cybersecurity labelling initiative
The Federal Communications Commission (FCC) has enacted regulations for an Internet of Things (IoT) Cybersecurity Labeling Program aimed at enhancing security measures for IoT devices.
Consumers increasingly rely on Internet-connected products for various aspects of daily life, from home safety to personal convenience. However, these products also pose security risks as they are vulnerable to cyberattacks, jeopardising privacy and national security. To address this, the Federal Communications Commission has introduced a voluntary cybersecurity labelling program for wireless internet of things (IoT) products.
This program will feature an easily recognisable FCC IoT Label, including a US government certification mark (Cyber Trust Mark) to signify baseline cybersecurity standards, along with a QR code directing consumers to a product registry for more details. Products bearing this label assure consumers of meeting minimum cybersecurity standards, strengthening the security of their IoT ecosystem. The initiative aims to empower consumers to make informed purchasing decisions, enhance confidence in IoT product cybersecurity, and encourage manufacturers to prioritise security in product development.
Here is how the program will work:
- Criteria and labelling: The program will be based on criteria developed by the National Institute for Standards and Technology. Products meeting these criteria will bear an FCC Label, including the US Cyber Trust Mark and a QR Code linking to a product registry with detailed security information.
- Focus on wireless consumer IoT products: Initially, the program will focus on wireless consumer IoT products, encompassing devices like smart speakers, doorbells, and apps used to control them beyond basic features.
- Collaboration and oversight: The FCC will administer the labelling program, emphasising collaboration between the federal government, industry, and stakeholders to ensure its success. Cybersecurity Labeling Administrators (CLAs) will manage day-to-day operations, reviewing applications from manufacturers seeking authorisation to use the FCC Label.
- Consumer information: Consumers can scan a QR code on product packaging to access security information such as product details, manufacturer information, testing lab details, software updates, support period, and more in a consumer-friendly format.
- Security standards: The program aims to provide consumers with clear information about the security of IoT products they purchase, encouraging manufacturers to prioritise security-by-design principles in their products.