USA implements cybersecurity labeling program for ‘Smart Devices'

                                                                                                                                                                                       

The U.S. Federal Communications Commission (FCC) has approved the creation of a voluntary labeling program for connected ‘smart devices’, i.e. wireless consumer 
Internet of Things (“IoT”) products.  Such products when meeting rigorous cybersecurity requirements based on criteria developed by the National Institute of Standards and Technology (NIST), will be permitted to apply the “U.S Cyber Trust Mark” to their products, similar to the Energy Star logo currently applied to energy-efficient appliances. 
According to the FCC, the Cyber Trust Program is intended to help consumers make informed decisions regarding their purchases of internet enabled devices, while also providing an incentive for manufacturers to meet higher cybersecurity standards.

Amongst the points of the framework and rules created for this program are the following:  

• The logo will be accompanied by a QR code which consumers can scan for details about the security of the product, such as the support period for the product and whether software patches and security updates are automatic.
• The program relies on public-private collaboration, with the FCC providing oversight and approved third-party label administrators managing activities such as evaluating product applications, authorizing use of the label, and consumer education.
• Compliance testing will be handled by accredited laboratories.
• Some examples of eligible products are home security cameras, voice-activated shopping devices, internet-connected appliances, fitness trackers, garage door openers, and baby monitors.
  

Consumer IoT products on the market that communicate over wireless networks are made up of various devices based on different technologies, with its own set of security challenges.
According to a third-party estimate, there were more than 1.5 billion attacks against IoT devices in the first six months of 2021 alone. Others estimate that there will be more than 25 billion connected IoT devices in operation by 2030.  

More information is available at this site.

(Article is based on article published by FCC and edited by T.Sollie)