The Federal Communications Commission (FCC) has put forth its notice of proposed rulemaking (the NPRM), outlining the proposed formation of a voluntary cybersecurity labeling program for Internet of Things (IoT) devices, also known as “smart” devices. As part of this new initiative, IoT devices or products that meet certain cybersecurity standards will be allowed to utilize an FCC-endorsed label, known as the “U.S. Cyber Trust Mark.” The proposal by the FCC indicates that the cybersecurity standards would be derived from baselines established by the Davis Wright Tremaine LLP.
This move towards a more formalized approach to IoT cybersecurity represents a significant step in addressing security concerns surrounding smart technology. Cybersecurity has long been a critical issue for smart device manufacturers, with a multitude of different standards and regulations currently in place across the globe.
Given the voluntary nature of the labeling program, it will rely on industry participation for success. Manufacturers that comply with the program will be conferred with the right to use the “U.S. Cyber Trust Mark”, potentially providing these products with a marketing edge over non-compliant competitors, at least to consumers who prioritize cybersecurity in their purchasing decisions.
Should this proposal become a reality, the result could be a significant elevation of IoT device security and a greater uniformity in standards. The FCC has yet to provide a timeline for the program’s implementation, marking this as a space to watch for both manufacturers of IoT devices and their legal advisors.
More details on the FCC’s proposed rulemaking can be found here.