FCC approves label for smart products: look for “Cyber Trust Mark” stickers


Internet of Things (IoT) products, if they meet “robust cybersecurity standards,” now may qualify for a voluntary label under the US Cyber Trust Mark program created by the Federal Communications Commission (FCC).

The new mark is supposed to help consumers make informed purchasing decisions and find trustworthy products in the marketplace. Manufacturers are incentivized to meet higher cybersecurity standards.

The US Cyber Trust Mark logo will initially appear on wireless consumer IoT products that meet the program’s cybersecurity standards. Those include security cameras, voice-activated shopping devices, internet-connected appliances, fitness trackers, garage door openers, baby monitors, and others.

ADVERTISEMENT

Users should also look for an accompanied QR code that leads to easy-to-understand details about the security of the product. Manufacturers will declare the support period for the product and whether software patches and security updates are automatic.

Cyber Trust Mark logos

“The device that I think of most when I think about this new world of the IoT – and maybe it is because I am a Mom – is a baby monitor. My goodness, you want that to be safe. You want to know when you bring that monitor into your house to watch your newborn, that the connection is secure and not going to invite any malware or malicious activity into your home,” FCC Chairwoman Jessica Rosenworcel said.

The FCC says that Compliance testing will be handled by accredited labs. However, the program is voluntary and will rely on public-private collaboration. Approved third-party administrators will evaluate and authorize the use of the label, and the FCC will provide oversight.

Cybernews already reported on doubts surrounding the program, which seems to lack ambition and enforcement, as manufacturers won't be obliged to offer a minimum support period. Some experts feared that users may fall victim to a false sense of security.

The FCC compares its label to the “Energy Star” logo, which helps to know which devices are energy efficient. Cybersecurity criteria for a new label are developed together with the National Institute of Standards and Technology.

The sticker has national security built-in and won’t be eligible for entities or equipment posing an unacceptable risk to the national security of the US, included in the so-called “Covered List.” The list contains Huawei Technologies Company, ZTE Corporation, Kaspersky Lab, Hytera Communications, and other companies.

“Our expectation is that over time more companies will use the Cyber Trust Mark – and more consumers will demand it,” Rosenworcel said.

ADVERTISEMENT

Commissioner Nathan Simington noted that device manufacturers and software developers routinely disclaim all liability and warranties against failures, and “tort law provides few protections in the absence of physical injury to persons or property.” The new label will require bearers to commit to a declared support period.

“They will have to diligently identify critical vulnerabilities in their products and promptly release updates correcting them. Crucially, they will be prohibited from disclaiming these promises to the consumer,” Simington said.

Estimates show that IoT devices were attacked more than 1.5 billion times in the first six months of 2021 alone. And 25 billion connected devices will be in operation worldwide by 2030, according to Transforma Insights.