The Federal Communications Commission lead by Chairwoman Rosenworcel advances plans for cybersecurity labeling program for smart products by releasing a public draft. What has triggered this has been due to the ever growing and changing needs of the public’s reliance on internet-connected products. This interconnection of products linked to the internet helps manage an ever widening scope of people’s day-to-day life, including home safety, health, recreation, and personal convenience. With this convenience comes the risk of a wide range of security vulnerabilities that are increasingly exploited by cybercriminals who are invading people’s privacy and threatening national security. Consumers who purchase IoT products that bear the FCC Label need to be assured that their products meet the latest cybersecurity standards of the IoT Labeling Program. This will strengthen the chain of connection among IoT products in their homes, offices and as part of the larger national IoT ecosystem.

The goals of this Order would do is establish a voluntary IoT cybersecurity labeling program based on the criteria developed by the National Institute for Standards and Technology. The labeling program would help consumers make better purchasing decisions, raise consumer confidence with regard to the cybersecurity of the IoT products, and encourage manufactures to develop IoT products with security-by-design principles in wide. The FCC Label will also include the U.S. Cyber Trust Mark with a QR code linking it to a product registry. The registry would display consumer-friendly information about the security of products that bear the Cyber Trust Mark. The initial focus would be on wireless consumer IoT products, which would include the IoT devices and additional products components that are needed for a consumer to use the IoT product beyond basic operational features. For example, this could include a smart speaker, doorbell, or shopping device and the apps used to control them. While the program is administered by the FCC, close collaboration between the federal government, industry, and other stakeholders will be vital to ensuring success. Cybersecurity Labeling Administrators (CLAs), including a Lead Administrator selected by the Commission, would hale the Commission to stand up the program and be responsible for the day-to-day program management. CLAs would receive, review, and approve/deny applications from manufacturers that want to use the FCC Label. Each application will need show testing by an an accredited lab to demonstrate that the produce complies with the FCC’s program standards. The success of this program would rely on a robust consumer education campaign with shared responsibilities among the government, manufacturers, retailers, industry, and other cybersecurity groups to promote label recognition, brand trust, and transparency.