Following its collection of feedback, the Federal Communications Commission voted Tuesday to officially approve the U.S. Cyber Trust Mark, a voluntary label that denotes an IoT device has met a baseline security standard.
Commonly equated to how the ENERGY STAR label works for energy efficiency, the goal of the program is to help raise awareness in the consumer market regarding security issues plaguing IoT and smart home devices.
Once implemented, the mark would include a QR code linking to a landing page for each product that details the current state of the device’s security.
Companies using the label under the program will be required to list information such as the date of authorization, the name of the accredited lab, instructions on how to change the default password, disclosure of the minimum support period, disclosure of whether a software bill of materials is included, and any additional information.
As it stands, the quality of security across consumer devices on the market varies wildly with little transparency into the state of these devices. This, combined with the number of IoT and smart home devices being added to home networks, creates massive vulnerabilities in home networks for malicious hackers to infiltrate.
2024 Lighting Controls and Fixtures Report
Lightapalooza took place in late February, and the growth of the event has mirrored the rapid ascension lighting fixtures and controls.Download your copy now!
Biden officials note that the formation of the Mark is not only a matter of protecting the American populace from malicious attacks, but also a national security measure given the rise of cyberattacks over the last few years that have increasingly been using hacked consumer devices to set up massive botnets to target government infrastructure.
While this mark is starting with IoT devices, officials have stated there is a possibility for it to be expanded to other products in the future.
Following this vote, the FCC will choose a lead administrator to help build out the program as well as develop third-party accredited labs for testing.
The order also requires the FCC’s Public Safety and Homeland Security Bureau to work with the DoJ’s Office of International Affairs and other agencies to develop international recognition of the label in addition to recognizing other label programs such as those in Europe and Singapore.
Companies that are currently on the FCC’s covered list, such as Huawei Technologies Company and ZTE Technologies, will not be eligible for the mark.
Since its announcement back in July of 2023, Amazon, Best Buy, Carnegie Mellon University, CyLab, Cisco Systems, Connectivity Standards Alliance, Consumer Reports, Consumer Technology Association, Google, Infineon, the Information Technology Industry Council, IoXT, KeySight, LG Electronics U.S.A., Logitech, OpenPolicy, Qorvo, Qualcomm, Samsung Electronics, UL Solutions, Yale and August U.S., have thrown their hat in to support the standard.
Major smart home companies like Crestron, as well as the smart home association CEDIA, have also voiced their support for the program, citing the importance of the professional market in being able to meet the standards being set forward by the program.
However, proponents such as Consumer Reports have been quick to point out gaps in the focus of the program, with independent research group noting there are currently no requirements around encryption, vulnerability reporting or privacy disclosure, the latter of which remains a major concern among smart device owners.
Overall, though, experts have largely agreed that the vote is a good first step in giving consumers greater visibility into the security of their smart devices.
If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our digital newsletters!