Applications are open for IoT device cyber certifiers
The program seeks to help consumers make more informed buying decisions about everyday technology products that can be prone to attempted hacks.
The Federal Communications Commission is accepting applications for people to serve as administrators on a voluntary cybersecurity labeling program that would help consumers shop for products that are less prone to cyberattacks.
Applicants who want to serve in the roles would be authorized to certify the use of the label, which includes a coming flagship U.S. Cyber Trust Mark that, in essence, indicates that products meet certain cybersecurity standards and would bear a label akin to the ENERGY STAR marking showing a product is energy efficient.
The FCC sought public comment last August on how to craft the rules and finalized the program this March based on the feedback. Device compliance testing would be handled by accredited research labs, the agency said.
The logo would appear on internet of things products that meet baseline cyber standards alongside a QR code for users to scan for more information on the product’s security features. That data may include the minimum security support period of the product and whether its manufacturer automatically releases updates or security patches. The National Institute of Standards and Technology has also laid out baseline cyber standards for the products.
Anne Neuberger, deputy national security advisor for cybersecurity and emerging technologies, said last week at the Billington Cyber Summit that consumers can expect the labels to appear around early next year. In January, she said the European Union had also signed on to the labeling scheme.
Some 1.5 billion attacks were launched against IoT devices in 2021, the FCC has previously said, citing unnamed outside research. It’s estimated that over 25 billion IoT products will be in use by the end of the decade, the federal telecom regulator added.
The labeling program is part of a broader effort by the Biden administration to strengthen federal agencies’ cyber defenses and improve the cybersecurity of the industries and sectors they regulate. This includes enforcing strict directives that require agencies to promptly report cyber incidents, develop strategies to protect critical infrastructure and dismantle hacker operations.