A proposed cybersecurity-labeling program for Internet of Things devices is a good idea for manufacturers and consumers alike—but it should be undertaken in the right way, the NAM recently told the Federal Communications Commission.
What’s going on: “The cybersecurity certification and labeling program—which is still in its proposal stage—is called Cyber Trust Mark and would be voluntary,” Government Technology reports.
- Participating companies would be able to utilize the cybersecurity label to signify that their products “meet certain cybersecurity criteria like ‘unique and strong default passwords, data protection, software updates and incident detection capabilities,’ and other features identified by the National Institute of Standards and Technology.”
What we’re saying: It is imperative that the FCC—which would oversee the initiative—keep manufacturers involved at all stages of development, NAM Vice President of Domestic Policy Charles Crain told the commission late last week.
- “To drive robust participation in the program and enhance cybersecurity protections for consumers, the NAM respectfully encourages the FCC to work closely with industry to finalize criteria and procedures that remain voluntary but, when implemented, prove workable for manufacturers and trusted by consumers,” he said.
What should be done: There are six main actions the FCC should take to ensure the success of the program, Crain said.
- Collaborate with manufacturers as the program is being developed.
- Keep participation in the program voluntary.
- Ensure that the process of qualifying for and receiving a Cyber Trust Mark is “trusted, practical and flexible.”
- Make program criteria reflective of the varying degrees of risk that different products pose to consumers.
- Institute a legal safe harbor protecting manufacturers from liability.
- Educate consumers about the program and how they can protect themselves from cybersecurity threats.
The last word: “Manufacturers of IoT devices continue to take steps to enhance the cybersecurity measures implemented within these devices in order to secure them against threats and ensure that consumers are protected to the maximum extent possible,” Crain added.
- “The FCC’s proposed labeling program is thus an exciting opportunity for companies to show the progress they have made in this important arena, and for the industry to cohere around a set of practical, implementable best practices to protect the American people.”