Article | July 18, 2023

Consumers Want to Know More about IoT Security. A New Public/Private Labeling Program Will Help.

by 
Gary Shapiro

Consumer connected devices (IoT devices) are changing how we live, work, and play. While walking CES this year, I saw IoT applications improving healthcare, transportation and energy efficiency. While IoT makes our world better, it also tempts bad actors to exploit consumers’ connected devices. Tech makers take this threat seriously and are building and enhancing tools to improve product security and protect consumers. Working with the U.S. government, they’re poised to do even more to combat cybercrime.

Today, the Biden Administration is launching the U.S. Cyber Trust Mark to give consumers more information on the cybersecurity of the connected products they buy. The program will be overseen by the Federal Communications Commission (FCC), based on criteria developed and maintained by the National Institute of Standards and Technology and shaped by recommendations CTA made over the past five years. It will rely on a voluntary, dynamic product certification program that requires manufacturers to use specific security measures. That certification will help educate consumers and businesses about what they’re getting when they buy new connected products.

Once the FCC stands up the program, consumers will begin to see a U.S. Cyber Trust Mark and QR code on various connected products, linking to information about the product’s security protections. QR codes, the modern-day version of a label, are easily accessible to consumers buying either in-store or online. Consumers can quickly understand which products are built with certain protections to defend against cyber criminals and intruders, and whether devices are equipped with up-to-date software. With more than 90% of American consumers worrying about online security threats affecting their household, the new program will offer peace of mind and strong protection for our connected devices.

As head of CTA, I’ve been involved in many public-private collaborations, including our recent work to bring over-the-counter hearing aids to consumers. They work best when there is strong agreement on a big goal and flexibility in implementation. This collaborative approach extends to the development of globally recognized standards that shape how we use and rely on technology devices. In this case, government officials and industry leaders agreed on the goal of enhancing cybersecurity for the IoT products consumers use every day. More, the quickest way of meeting this goal, both sides agreed, was a cooperative strategy that combined government criteria, industry consensus standards and existing industry certification processes. The resulting transparency allows consumers to make wise buying choices and encourages device makers to meet set cybersecurity standards.

A voluntary, consumer-facing label already serves as a vital tool for raising consumer awareness of other technologies. ENERGY STAR is a well-known government seal of approval, recognizing the most energy efficient products in more than 70 product categories. Consumers have bought over two billion ENERGY STAR certified products since the program launched three decades ago. The ENERGY STAR program has also helped American families and businesses save more than $500 billion in energy costs and prevented more than 4 billion metric tons of greenhouse gas emissions. In short: The program has been voluntary, collaborative and highly effective. The same idea can work to boost cybersecurity.

When we can agree on a common goal, a private-public partnership approach works best. Over the coming months, the FCC will seek public comment on how to implement and oversee the U.S. Cyber Trust Mark. CTA will offer its views as part of the comment process. I’m pleased by the prospect of a program that will provide consumers with increased transparency, while allowing innovation in the consumer technology industry to flourish.

Learn more and stay up to date with CTA’s work on the U.S. Cyber Trust Mark here.