FCC Proposes Voluntary Cybersecurity Labeling Program for Internet-Enabled Devices

The Federal Communications Commission is seeking public comment on a proposal to create a voluntary cybersecurity labeling program that would provide consumers with clear information about the security of their internet-enabled devices, commonly called “Internet of Things” (IoT) or “smart” devices. The proposed program—where qualifying products would bear a new US Cyber Trust Mark—would help consumers make informed purchasing decisions, differentiate trustworthy products in the marketplace, and create incentives for manufacturers to meet higher cybersecurity standards. The FCC’s program would be similar to the Energy Star program, which was created to help consumers identify energy-efficient appliances and encourage more companies to produce them in the marketplace—but for more cybersecure smart devices. According to one third-party estimate, there were more than 1.5 billion attacks against smart devices in the first six months of 2021 alone. Meanwhile the number of smart devices is skyrocketing, with some estimating that there will be more than 25 billion connected devices in operation by 2030. If the program is established, you would be able to easily identify smart devices and products that meet widely accepted security and privacy standards by looking for the US Cyber Trust Mark logo. The logo would appear on packaging alongside a QR code that you could scan for more information. The QR code would link to a national registry of certified devices so that you could compare these devices and get the most and up-to-date security information about each. The FCC expects that over time, an increasing number of manufacturers would participate in the voluntary program to demonstrate their commitment to privacy and security, as there would be increased consumer demand for easily identifiable trustworthy smart products.