FCC to vote on authorizing cyber labeling rules next month

Andrey Suslov/getty images

The move is a major piece of a Biden administration push to bring more cyber transparency to consumer products.

The Federal Communications Commission will vote next month to create a voluntary cybersecurity labeling program for Internet of Things devices and other consumer-facing products that rely on an internet connection, the agency said Wednesday.

The vote would check off a major component of a Biden administration-wide push to put labels on smart devices like fitness trackers, garage door openers and climate control gauges to help consumers shop for products that are less prone to cyberattacks.

Smart products covered by the rule that meet certain cybersecurity standards would bear a label akin to the ENERGY STAR marking that indicates a product is energy efficient. FCC sought public comment last August on how to craft the rules and finalized the program based on that feedback, the agency said.

The logo, officially called a U.S. Cyber Trust Mark, would appear on IoT products that meet baseline cyber standards alongside a QR code for users to scan for more information on the product’s security features. That data may include the minimum security support period of the product and whether its manufacturer automatically releases updates or patches. The National Institute of Standards and Technology has also laid out baseline cyber standards for products used by consumers as part of the effort.

Anne Neuberger, deputy national security advisor for cybersecurity and emerging technologies, announced at the CES conference in January that the European Union had signed on to the labeling scheme.

The details of the program’s proposed new rules are to be published Thursday, an agency notice added.

The labeling program is one of several sweeping steps taken by the Biden administration that’s focused on directing federal agencies to harden their cyberdefenses and improve the cyber posture of the industries or sectors they oversee. Those include strict directives that require offices to report cyber incidents in a timely manner and develop methods to defend critical infrastructure and take down hackers.

Some 1.5 billion attacks were launched against IoT devices in 2021, the FCC said, citing unnamed outside research. It’s estimated that over 25 billion IoT products will be in use by the end of the decade, the federal telecom regulator added.