Readers, it’s already May. That’s wild.
It feels like it just last week we first reported on the U.S. Cyber Trust Mark – a voluntary program that provides a cybersecurity certification label for smart devices and other connected consumer products produced by IoT developers. Following the Biden-Harris Administration’s initial proposal, FCC Chairwoman Jessica Rosenworcel affirmed that if this were to be implemented properly, it would “raise the bar for cybersecurity across common devices, including smart refrigerators, smart microwaves, smart televisions, smart climate control systems, smart fitness trackers and more.” Stronger overall consumer awareness regarding the security of their modern purchases, if you will.
Well, here’s a quick update:
For anyone unaware, the FCC officially voted to approve the program.
This is substantial. By creating easy-to-recognize labels that confirm a consumer product meets National Institute of Standards and Technology (NIST) standards, the hope is that consumer markets begin to more strategically address the litanies of vulnerabilities often encountered vis-à-vis smart device acquisition and usage.
As another reporter described, “A rush of internet-connected consumer devices that often ship with little or poor security have created huge privacy risks for the consumers that rely on them. This has given malicious hackers access to huge networks of devices that they can use to carry out and orchestrate attacks.”
Clearly, this must be stopped.
FCC Commissioner Nathan Simington put it like this:
“If your car explodes following a minor accident or if a table saw comes loose and maims you or your lightbulb overheats and causes a fire, you can take the negligent manufacturer to court and recover your damages. But if an attacker hacks your smart home devices – let’s say your Alexa – listens in on your private conversations, you have little to no recourse against the manufacturer.”
The FCC is reportedly in the midst of selecting a lead administrator to further build out the program (and the third-party accredited labs tasked with compliance testing) to:
- Select which products will receive the Cyber Trust Mark.
- Create consumer-friendly landing pages for each product (reached via QR codes).
Notably, we also received word from Finite State, provider of connected device security and software supply chain risk management solutions. Matt Wyckhouse, CEO of Finite State, is very much in support of the U.S. Cyber Trust Mark’s progression, saying “it is a great first step to ensure IoT devices have a rigorous standard for cybersecurity protection, thus helping consumers better understand their IoT devices.” (Though the many components that make up IoT devices may still require deeper action.)
And as mentioned, while a voluntary effort, this is still vital for businesses “keenly interested in differentiating their products for the safety of the global marketplace,” said Steve Kelly, Chief Trust Officer at the institute for Security and Technology.
Read here to learn more directly from the FCC.
Edited by
Greg Tavarez
