FCC Adopts “Energy Star” Equivalent Cybersecurity Labeling System for IoT Devices
On Thursday, the Federal Communications Commission (FCC) unanimously approved the draft Report and Order for a voluntary cybersecurity labeling system aimed at wireless IoT-connected devices, following several months of program development. Arising from concerns regarding cyberattacks leveraging connected home devices, these labels are intended to educate consumers much like the “Energy Star” labels found on household appliances.
The agency highlighted that, according to third-party estimates, there were over 1.5 billion attacks targeting IoT devices in the initial six months of 2021.
Under the FCC’s initiative, qualifying consumer smart products meeting cybersecurity criteria will display a label, aiding consumers in making informed purchasing choices, distinguishing reliable products in the market, and motivating manufacturers to adhere to heightened cybersecurity standards.
Consumers will have the ability to scan a QR code to access information about the product’s security, such as the duration of support and whether software patches and security updates are automatically provided, as stated by the FCC.
What the Order Does:
- Establishing a Voluntary Labeling Program: The FCC’s order creates a voluntary IoT cybersecurity labeling program based on criteria developed by the National Institute for Standards and Technology (NIST). This labeling system aims to empower consumers to choose products with enhanced cybersecurity features and incentivize manufacturers to adopt security-by-design principles.
- Inclusion of the FCC Label: Products meeting the program’s cybersecurity standards will bear the FCC Label, which includes the U.S. Cyber Trust Mark and a QR code linking to a product registry. This registry will provide consumers with easily accessible information about the security features of labeled products.
- Focus on Wireless Consumer IoT Products: Initially, the labeling program will concentrate on wireless consumer IoT products, including devices like smart speakers, doorbells, and other connected gadgets, along with the accompanying apps necessary for their functionality.
- Collaboration for Success: The success of this program relies on close collaboration between the government, industry stakeholders, retailers, and cybersecurity groups. Cybersecurity Labeling Administrators (CLAs) would oversee the program’s implementation, ensuring adherence to program standards and facilitating consumer education efforts.
How We Can Help:
Whether you’re a manufacturer seeking authorization to use the FCC Label or a consumer looking to understand the security implications of IoT products, we’re here to assist you every step of the way. Our expertise in regulatory compliance and cybersecurity law ensures that you receive accurate and actionable advice tailored to your specific needs.
We encourage you to stay informed about this important development and reach out to us with any questions or concerns you may have. Your security and peace of mind are our top priorities, and we are committed to providing you with the guidance and support you need.
CONTACT US NOW, WE ARE STANDING BY TO GUIDE YOUR COMPANY’S COMPLIANCE EFFORTS
Jonathan S. Marashlian – Tel: 703-714-1313 / E-mail: jsm@CommLawGroup.com
Michael Donahue — Tel: 703-714-1319 / E-mail: mpd@CommLawGroup.com
Ron Quirk – Tel: 703-714-1305 / E-mail: req@CommLawGroup.com
Diana James – Tel: 703-663-6757 / E-mail: daj@CommLawGroup.com
DISCLAIMERS: This publication may be considered Attorney Advertising in certain jurisdictions. The determination of the need for legal services and the choice of lawyer are extremely important decisions and should not be based solely upon advertisements or self-proclaimed expertise.