The US Security Standard For IoT Devices

The US government has launched its long-awaited Internet of Things (IoT) cyber security labelling program with the aim of protecting people the security risks associated with Internet-connected devices. Now, the US Federal Communications Commission (FCC) has released a cyber security labelling program to improve users security of the IoT.

“These smart devices or products might include home office routers, digital personal assistants, home security systems, voice-activated shopping, Internet-connected appliances, fitness trackers, GPS trackers, medical devices, garage door openers, and baby monitors,” the FCC has said in a press release.

The aim is to “To provide consumers with the peace of mind that the technology being brought into their homes is reasonably secure, and to help guard against risks to communications,” says the US Government Federal Register.

The FCC says the program will be similar to the Energy Star program, which helps users identify energy-efficient appliances, and promote more cyber secure smart devices.

The enormously growing numbers of smart products already connected to networks bring enormous security challenges.

IoT devices are susceptible to a wide range of vulnerabilities, such as default passwords, a lack of regular security updates, weak encryption, and insecure authentication. Furthermore, since IoT devices are often installed in public spaces or remote locations, their physical security may also be compromised, vulnerable to theft, tampering, vandalism, or unauthorised access.

FCC Chairwoman Jessica Rosenworcel contends that while beneficial, increased interconnection also brings increased security risk, saying: “Smart devices make our lives easier and more efficient…But increased interconnection also brings increased security and privacy risks”

“After all, every device connected to the Internet is a point of entry for the kind of cyber attacks that can take our personal data and compromise our safety.” she said.

These new proposals aim to assure users that the manufacturers adhere to widely accepted cyber security standards. However, there was a proposed requirement that manufacturers disclose the length of time they’ll provide security updates for their devices and whether they’ll fix known security vulnerabilities, which raises issues.

Another possible risk is increased manufacturing costs are also a risk, which might make devices more expensive, although many will agree that the FCC’s proposal is a step in the right direction, but some are still hoping for further and mandatory security requirements.

I-His:     FCC:     FCC:     FCC:     NIST:     Tech Crunch:     Federal Register              Image: Stephen Phillips

You Might Also Read:

Blockchain Is The New IoT Standard:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« China Accuses The US Of Spying On Huawei
The Rapid Rise In DNS Attacks Demands New Approaches To Cyber Defense »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Baker McKenzie

Baker McKenzie

Baker & McKenzie is an international law firm. Practice areas include Data & Technology.

American International Group (AIG)

American International Group (AIG)

AIG, is an American multinational insurance corporation. Commercial services include cyber risk insurance.

Hyve

Hyve

Hyve provide a wide range of managed web hosting services including private, hybrid and public VMware cloud hosting.

A-SIT Secure Information Technology Center

A-SIT Secure Information Technology Center

A-SIT was founded in 1999 as a registered nonprofit association and is established as a competence center for IT-Security.

Repository of Industrial Security Incidents (RISI)

Repository of Industrial Security Incidents (RISI)

RISI is a database of cyber security incidents that have (or could have) affected process control, industrial automation or SCADA systems.

Codified Security

Codified Security

Codified is a testing platform for mobile application software. We make it easier than ever for companies to detect and fix security vulnerabilities and ensure their applications are compliant.

KeepSolid

KeepSolid

KeepSolid is a Virtual Private Network services provider offering secure encrypted access to the internet.

Insight Partners

Insight Partners

Insight Partners is a leading global private equity and venture capital firm investing in growth-stage technology, software and Internet businesses.

Dutch Innovation Park

Dutch Innovation Park

Dutch Innovation Park in Zoetermeer is a breeding ground for applied IT solutions in the field of cyber security, e-health, smart mobility and big data.

UnderDefense

UnderDefense

UnderDefense provides cyber resiliency consulting and technology-enabled services to anticipate, manage and defend against cyber threats.

Mobileum

Mobileum

Mobileum is a leading provider of Telecom analytics for roaming, security and risk management and end-to-end domestic and roaming testing solutions.

Sparrow

Sparrow

Sparrow specializes in application security testing solutions to cope with new technology trends such as cloud, mobile, and DevSecOps.

IGI Cybersecurity

IGI Cybersecurity

IGI Cybersecurity delivers people-driven cybersecurity for personalized, resilient cyber defense focused on individualized strategy and unshakeable partnership.

Certcube Labs

Certcube Labs

Certcube Labs provide a broad range of services in the areas of Assessments, Development, Risk Advisory, Blockchain, Forensics Investigations, Managed Security Solutions, and IT Security Trainings.

Control D

Control D

Control D is a modern and customizable DNS service that blocks threats, unwanted content and ads - on all devices.

AI or Not

AI or Not

AI or Not - Leverage AI to combat misinformation and elevate the landscape of compliance solutions.