The Federal Communications Commission (“FCC” or “Commission”) yesterday published a Notice of Proposed Rulemaking proposing a “first-ever” voluntary cybersecurity labeling program for connected smart devices. The proposed “U.S. Cyber Trust Mark” would be affixed to IoT1 devices and products, providing consumers with clear and accessible information on their relative security. Along with the mark, the FCC proposes QR codes that would provide up-to-date information on the devices to allow for their continuous development.
The FCC’s NPRM follows the growing cybersecurity concerns over the ever-increasing interconnection around our everyday lives.
The proposed measure seeks to increase consumers’ confidence in the manufacturers’ adherence to widely accepted cybersecurity standards while raising the industry-wide cybersecurity bar and holding manufacturers accountable.
The FCC proposes that the Cyber Trust Mark program be based on the industry-wide NIST-recommended criteria for cybersecurity. These are criteria already familiar to IoT manufacturers.
With this NPRM, the FCC seeks stakeholders’ input on the following matters:
- how best to establish the program,
- the scope of eligible devices, the mechanics of managing this program,
- how to further develop standards that could apply to different kinds of devices,
- how to demonstrate compliance with those standards, and
- how best to educate consumers.
[1] Internet-of-Things – smart devices connected to the Internet, from home office routers to personal digital assistants, Internet-connected home security cameras, voice-activated shopping devices, Internet-connected appliances, fitness trackers, GPS trackers, medical devices, garage door openers, and baby monitors.
WE CAN HELP! If you have any questions on this new development or would like assistance advocating for your needs, contact our Managing Partner, Jonathan S. Marashlian (703.714.1313, jsm@CommLawGroup.com).
MEET OUR EXPERIENCED IOT TEAM:
Ron Quirk
Head of Internet of Things and Connected Devices Practice
IoT Attorney Ronald E. Quirk Jr., is a Senior Managing Attorney at The CommLaw Group, where he focuses his practice on federal, state and international telecommunications regulation and policy, with a particular expertise in assisting clients in navigating the complex labyrinths of RF equipment authorization and enforcement processes around the world. His career has spanned more than 20 years, including several years at AMLAW 100 firms and the FCC.
Linda McReynolds
Head of Information Privacy, Data Security and Consumer Protection Practice
Privacy and Cybersecurity Attorney, Linda McReynolds, is Counsel at The CommLaw Group, where she practices primarily in the areas of privacy and cyber law. Linda is a Certified Information Privacy Professional (CIPP/US). As a practitioner, she recognizes clients’ needs to develop good practices and address compliance with applicable laws while achieving business success in the fast- paced technology and telecommunications sectors.
DISCLAIMERS: This publication may be considered Attorney Advertising in certain jurisdictions. The determination of the need for legal services and the choice of lawyer are extremely important decisions and should not be based solely upon advertisements or self-proclaimed expertise.
