The Federal Communications Commission has officially proposed a voluntary cybersecurity labeling program for the “things” in the Internet of Things (IoT).
FCC chair Jessica Rosenworcel on Thursday (August 10) released a notice of proposed rulmemaking (NPRM) seeking comment on how to institute such a program for smart devices that meet certain privacy and security standards, similar to the Energy Star program for devices, including cable equipment, that meet efficient energy-use standards.
Rosenworcel said the mark, billed as a “trusted, government-backed symbol,” would help consumers make more informed choices about their devices.
“The proliferation of consumer IoT devices has opened the door to cyberattacks on consumer products that can have serious privacy and national security consequences, ranging from theft of personal information to disruption of critical infrastructure,” the NRPM said.
The FCC IoT stamp of approval would come in the form of a U.S. Cyber Trust Mark, the goal being to distinguish trustworthy products from nontrustworthy devices and “create incentives for manufacturers to meet higher cybersecurity standards.”
The FCC cited the estimated 1 billion to 5 billion attacks on smart devices in the first half of 2021 alone in arguing for the need for a new seal of cybersecurity approval.
The mark would be based on criteria from the National Institute of Standards.
The FCC is seeking lots of comments on just how to set up the program, including which devices should be eligible, who should oversee it, how to demonstrate compliance and prevent unauthorized use, and how to let consumers know about it.