FCC approves cybersecurity label for consumer devices | CyberScoop<\/title> <meta name=\"description\" content=\"The U.S. Cyber Trust Mark aims to provide consumers with a better understanding of the security of their Internet of Things devices.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/fcc-cyber-trust-mark\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"FCC approves cybersecurity label for consumer devices\"> <meta property=\"og:description\" content=\"The U.S. Cyber Trust Mark aims to provide consumers with a better understanding of the security of their Internet of Things devices.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/fcc-cyber-trust-mark\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:published_time\" content=\"2024-03-14T20:35:52+00:00\"> <meta property=\"article:modified_time\" content=\"2024-03-14T20:35:53+00:00\"> <meta property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/03\/fcc-approves-cybersecurity-label-for-consumer-devices-2.jpg\"> <meta property=\"og:image:width\" content=\"1920\"> <meta property=\"og:image:height\" content=\"1280\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"Christian Vasquez\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:creator\" content=\"@chrismvasq\">  <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1710269227g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress-next\/dist\/css\/related-posts-block-styles.min.css?m=1709662998g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1710430945g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=74528d75ce0daeb8628a\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/79728\"><link rel=\"EditURI\" type=\"application\/rsd+xml\" title=\"RSD\" href=\"https:\/\/cyberscoop.com\/xmlrpc.php?rsd\">\n<meta name=\"generator\" content=\"WordPress 6.4.3\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=79728\">\n<link rel=\"alternate\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Ffcc-cyber-trust-mark%2F\">\n<link rel=\"alternate\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Ffcc-cyber-trust-mark%2F&format=xml\">   <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"post-template-default single single-post postid-79728 single-format-standard\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/fcc-cyber-trust-mark\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--newsletter js-stickybar\" readability=\"0.82\"> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"24.651162790698\">\n<div class=\"single-article__header-content\" readability=\"29.175965665236\">\n<ul class=\"single-article__eyebrow\">\n<li class=\"single-article__category\"> <a class=\"single-article__category-link\" href=\"https:\/\/cyberscoop.com\/news\/government\/\"> <span>Government<\/span> <\/a> <\/li>\n<\/ul>\n<p> The U.S. Cyber Trust Mark aims to provide consumers with a better understanding of the security of their Internet of Things devices. <\/p>\n<\/p><\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"426\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/03\/fcc-approves-cybersecurity-label-for-consumer-devices.jpg?resize=640%2C426&ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/03\/fcc-approves-cybersecurity-label-for-consumer-devices-2.jpg 1920w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/03\/fcc-approves-cybersecurity-label-for-consumer-devices-2.jpg?resize=300,200 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/03\/fcc-approves-cybersecurity-label-for-consumer-devices-2.jpg?resize=768,512 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/03\/fcc-approves-cybersecurity-label-for-consumer-devices-2.jpg?resize=1024,683 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/03\/fcc-approves-cybersecurity-label-for-consumer-devices-2.jpg?resize=1536,1024 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/03\/fcc-approves-cybersecurity-label-for-consumer-devices-2.jpg?resize=600,400 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/03\/fcc-approves-cybersecurity-label-for-consumer-devices-2.jpg?resize=252,168 252w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/03\/fcc-approves-cybersecurity-label-for-consumer-devices-2.jpg?resize=506,337 506w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/03\/fcc-approves-cybersecurity-label-for-consumer-devices-2.jpg?resize=1013,675 1013w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/03\/fcc-approves-cybersecurity-label-for-consumer-devices-2.jpg?resize=1265,843 1265w\" sizes=\"(max-width: 1013px) 100vw, 1013px\"><figcaption> Consumers are increasingly adopting smart home devices, such as internet-connected coffee machines, that are also at risk of being hacked. (Getty Images) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"60.238064306593\"><body readability=\"122.2084623323\"><\/p>\n<p>The Federal Communications Commission voted Thursday to approve the U.S. Cyber Trust Mark, a voluntary label that denotes that consumer Internet of Things devices like \u201csmart\u201d home appliances meet baseline security standards.<\/p>\n<p>The FCC approval is the culmination of a White House <a href=\"https:\/\/cyberscoop.com\/white-house-to-unveil-internet-of-things-labeling\/\">initiative<\/a> and is somewhat modeled after the energy efficiency labeling program Energy Star. The program would create an easy-to-recognize label that confirms for consumers that a product meets cybersecurity standards developed by the National Institute of Standards and Technology. <\/p>\n<p>The hope is that consumers can vote with their wallet and move the consumer market to address the litany of vulnerabilities found in smart devices. A rush of internet-connected consumer devices that often ship with little or poor security have created huge privacy risks for the consumers that rely on them and have given malicious hackers access to huge networks of devices that they can use to carry out and orchestrate attacks. <\/p>\n<p>Biden administration officials have described the trust mark as a way to address both consumer safety and national-security concerns, as IoT devices are often exploited by state-backed hackers to provide the infrastructure for their campaigns. The U.S. Cyber Trust Mark framework is initially focused on consumer IoT devices but may be broadened in the future.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>\u201cIf your car explodes following a minor accident or if a table saw comes loose and maims you or your lightbulb overheats and causes a fire, you can take the negligent manufacturer to court and recover your damages,\u201d Commissioner Nathan Simington said during the meeting. \u201cBut if an attacker hacks your smart home devices, let\u2019s say your Alexa, listens in on your private conversations, you have little to no recourse against the manufacturer.\u201d<\/p>\n<p>In order to select which product will get the mark, the FCC will choose a lead administrator to build out the program and third-party accredited labs for compliance testing.<\/p>\n<p>Additionally, the mark would include a QR code linking to a \u201cconsumer-friendly\u201d landing page for each product that details the current state of the device\u2019s security.<\/p>\n<p>The FCC order requires companies that wish to use the label to list information such as the date of the authorization, the name of the accredited lab, and instructions on how to change the default password (only if the password can be changed, the FCC notes). Other requirements include information on additional security-focused configuration instructions, expected software updates, disclosure of the minimum support period (even if there is none), disclosure of whether a software bill of materials is included and any additional information that the administrator can add.<\/p>\n<p>Amit Elazari, co-founder and CEO of the tech advocacy company OpenPolicy and a participant in a <a href=\"https:\/\/www.whitehouse.gov\/briefing-room\/statements-releases\/2023\/07\/18\/biden-harris-administration-announces-cybersecurity-labeling-program-for-smart-devices-to-protect-american-consumers\">White House meeting<\/a> on the mark, said she was happy to see that the initiative considers not just the device but also includes the software ecosystem around it, such as apps or cloud infrastructure. <\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>\u201cWe really want to make sure you\u2019re not creating a false sense of security, and the way to do it is to consider all of the components that can introduce a vulnerability,\u201d Elazari said.<\/p>\n<p>Steve Kelly, chief trust officer at the Institute for Security and Technology, said that other countries are either implementing or considering their own IoT security labeling program, so it was \u201cessential that the United States firmly step into the conversation with its own approach, given global supply chains and the global market for these products.\u201d<\/p>\n<p>While the mark is a voluntary effort, Kelly \u2014 a former special assistant to the president and senior director for cybersecurity and emerging technology at the National Security Council \u2014 said that \u201cfrom my conversations with many of these companies, they are keenly interested in differentiating their products in the global marketplace.\u201d<\/p>\n<p>The order requires the FCC\u2019s Public Safety and Homeland Security Bureau to work with the Department of Justice\u2019s Office of International Affairs and other agencies to develop international recognition of the label and to also recognize other label programs, such as those in the European Union and Singapore.<\/p>\n<p>The White House\u2019s July <a href=\"https:\/\/www.whitehouse.gov\/briefing-room\/statements-releases\/2023\/07\/18\/biden-harris-administration-announces-cybersecurity-labeling-program-for-smart-devices-to-protect-american-consumers\/\">announcement<\/a> of the initiative noted that multiple major manufacturers and retailers were committed to increasing security, including Best Buy, Amazon and Samsung, among others. Some in attendance, like Samsung and LG Electronics, disagreed that the order should cover the broader software and component ecosystem that on which devices rely.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Companies on the FCC\u2019s <a href=\"https:\/\/www.fcc.gov\/laboratory-division\/equipment-authorization-approval-guide\/equipment-authorization-system\">covered list<\/a>, such as Huawei Technologies Company and ZTE Technologies, would not be eligible for the mark.<\/p>\n<p>Organizations like the <a href=\"https:\/\/www.cta.tech\/Resources\/Newsroom\/Media-Releases\/2024\/March\/U-S-Cyber-Trust-Mark-Hits-the-Mark\">Consumer Technology Association<\/a> and the consumer advocacy and investigative nonprofit Consumer Reports have praised the initiative, but experts argue that the FCC mark is just a first step. Consumer Reports noted that the final ruling does not include requirements around encryption, vulnerability reporting or privacy disclosure.<\/p>\n<p>\u201cWhile we\u2019re excited about today\u2019s vote, more work remains. In the future, we\u2019d like to see the FCC include privacy as another element of this label, and more robust security elements are needed,\u201d Justin Brookman, director of technology policy for Consumer Reports, said in a statement.<\/p>\n<p>Thomas Pace, CEO and co-founder of the firmware security firm NetRise Inc., said that the vote \u201cis a good first step in giving consumers better visibility into the security posture of the connected devices they own or are purchasing. In addition to these security labels, the FCC should consider evolving the cyber trust mark to have more prescriptive trust criteria.\u201d<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"1.469387755102\">\n<div class=\"author-card\" readability=\"9\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/03\/fcc-approves-cybersecurity-label-for-consumer-devices-1.jpg?w=640&ssl=1\" alt=\"Christian Vasquez\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by Christian Vasquez<\/h4>\n<p> Christian covers industrial cybersecurity for CyberScoop News. He previously wrote for E&E News at POLITICO covering cybersecurity in the energy sector. Reach out: christian.vasquez at cyberscoop dot com <\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p>  <\/div>\n<p>\n<\/div>\n<p> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Geopolitics<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p>   <\/body> <a href=\"https:\/\/cyberscoop.com\/fcc-cyber-trust-mark\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>FCC approves cybersecurity label for consumer devices | CyberScoop Skip<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[441,117,1690,1585,439,1691],"tags":[445,119,1692,1589,443,1693],"class_list":["post-2718","post","type-post","status-publish","format-standard","hentry","category-fcc","category-government","category-internet-of-things-iot","category-national-institute-of-standards-and-technology-nist","category-policy","category-smart-homes","tag-fcc","tag-government","tag-internet-of-things-iot","tag-national-institute-of-standards-and-technology-nist","tag-policy","tag-smart-homes"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/fcc\/\" rel=\"category tag\">FCC<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/government\/\" rel=\"category tag\">Government<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/internet-of-things-iot\/\" rel=\"category tag\">Internet of Things (IoT)<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/national-institute-of-standards-and-technology-nist\/\" rel=\"category tag\">National Institute of Standards and Technology (NIST)<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/policy\/\" rel=\"category tag\">Policy<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/smart-homes\/\" rel=\"category tag\">smart homes<\/a>","tag_info":"smart homes","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/2718","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=2718"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/2718\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=2718"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=2718"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=2718"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":2718,"date":"2024-03-14T15:35:52","date_gmt":"2024-03-14T20:35:52","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=79728"},"modified":"2024-03-14T15:35:52","modified_gmt":"2024-03-14T20:35:52","slug":"fcc-approves-cybersecurity-label-for-consumer-devices","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2024\/03\/14\/fcc-approves-cybersecurity-label-for-consumer-devices\/","title":{"rendered":"FCC approves cybersecurity label for consumer devices"},"content":{"rendered":"