The August print edition of Professional Security Magazine features new laws coming into force in the UK and European Union (EU) countries setting some basic cyber security in Internet-connected consumer devices, whether ‘smart’ televisions, toys, climate control systems, fitness trackers, or video surveillance cameras for the home to name a myriad of devices.
Meanwhile in the United States, the Biden-Harris Administration has announced a cybersecurity certification and labelling to help Americans better choose smart devices that are safer and less vulnerable to cyberattacks, a Cyber Trust Mark for short. The White House notes that some electronics, appliance, and consumer product manufacturers, retailers, and trade associations have made voluntary commitments around cybersecurity for the products they sell. Manufacturers and retailers announcing support and commitments to further the Cyber Trust Mark include Amazon, Best Buy, Google, LG Electronics USA., Logitech, and Samsung Electronics.
The ‘kitemark’ comes under the Federal Communications Commission (FCC). The FCC is expected to seek public comment on rolling out the proposed, voluntary scheme, which is expected to begin in 2024. As proposed, certifying and labelling of products would be based on cybersecurity criteria as published by the US federal National Institute of Standards and Technology (NIST) that, for example, requires unique and strong default passwords, data protection, software updates, and incident detection.
The FCC says that it intends the use a QR code linking to a national registry of certified devices to provide consumers with specific and comparable security information about these smart products. For what the ‘kitemark’ will look like, see the FCC website.
FCC Chairwoman Jessica Rosenworcel said: “Smart devices make our lives easier and more efficient—from allowing us to check who is at the front door when we’re away to helping us keep tabs on our health, remotely adjust the thermostat to save energy, work from home more efficiently, and much more. But increased interconnection also brings increased security and privacy risks.
“This voluntary program, which would build on work by the National Institute of Standards and Technology, industry, and researchers, would raise awareness of cybersecurity by helping consumers make smart choices about the devices they bring into their homes, just like the Energy Star program did when it was created to bring attention to energy-efficient appliances and encourage more companies to produce them in the marketplace.”
As for the scale of what’s required, the FCC points to estimates of 25 billion connected IoT devices in operation by 2030.
See the page on the UK and EU in the August edition.
