The US Security Standard For IoT Devices

Uploaded on 2023-10-09 in NEWS-Cybersecurity News, GOVERNMENT-National, FREE TO VIEW, TECHNOLOGY-Key Areas-Internet of Things

The US government has launched its long-awaited Internet of Things (IoT) cyber security labelling program with the aim of protecting people the security risks associated with Internet-connected devices. Now, the US Federal Communications Commission (FCC) has released a cyber security labelling program to improve users security of the IoT.

“These smart devices or products might include home office routers, digital personal assistants, home security systems, voice-activated shopping, Internet-connected appliances, fitness trackers, GPS trackers, medical devices, garage door openers, and baby monitors,” the FCC has said in a press release.

The aim is to “To provide consumers with the peace of mind that the technology being brought into their homes is reasonably secure, and to help guard against risks to communications,” says the US Government Federal Register.

The FCC says the program will be similar to the Energy Star program, which helps users identify energy-efficient appliances, and promote more cyber secure smart devices.

The enormously growing numbers of smart products already connected to networks bring enormous security challenges.

IoT devices are susceptible to a wide range of vulnerabilities, such as default passwords, a lack of regular security updates, weak encryption, and insecure authentication. Furthermore, since IoT devices are often installed in public spaces or remote locations, their physical security may also be compromised, vulnerable to theft, tampering, vandalism, or unauthorised access.

FCC Chairwoman Jessica Rosenworcel contends that while beneficial, increased interconnection also brings increased security risk, saying: “Smart devices make our lives easier and more efficient…But increased interconnection also brings increased security and privacy risks”

“After all, every device connected to the Internet is a point of entry for the kind of cyber attacks that can take our personal data and compromise our safety.” she said.

These new proposals aim to assure users that the manufacturers adhere to widely accepted cyber security standards. However, there was a proposed requirement that manufacturers disclose the length of time they’ll provide security updates for their devices and whether they’ll fix known security vulnerabilities, which raises issues.

Another possible risk is increased manufacturing costs are also a risk, which might make devices more expensive, although many will agree that the FCC’s proposal is a step in the right direction, but some are still hoping for further and mandatory security requirements.

I-His:     FCC:     FCC:     FCC:     NIST:     Tech Crunch:     Federal Register              Image: Stephen Phillips

You Might Also Read:

Blockchain Is The New IoT Standard:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« China Accuses The US Of Spying On Huawei
The Rapid Rise In DNS Attacks Demands New Approaches To Cyber Defense »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Securezoo

Securezoo

Securezoo's mission is to simplify and enhance information security by providing trusted security guidance, products, and information to small and mid-sized businesses and security professionals.

RSA Security

RSA Security

RSA provide cybersecurity products for Threat Detection and Response, Identity and Access Management, Governance, Risk and Compliance, and Fraud Prevention.

CyberArk Software

CyberArk Software

CyberArk is an established leader in privileged access management and offers the most complete set of Identity Security capabilities.

Microsoft Security

Microsoft Security

Microsoft Security helps protect people and data against cyberthreats to give you peace of mind. Safeguard your people, data, and infrastructure.

Packet Ninjas

Packet Ninjas

Packet Ninjas is a niche cyber security agency with specialized expertise in the use of digital intelligence to strengthen cyber security.

UK Cyber Security Forum

UK Cyber Security Forum

UK Cyber Security Forum is a community interest group for cyber security companies in the UK.

Korea Information Security Industry Association (KISIA)

Korea Information Security Industry Association (KISIA)

KISIA is a non-profit organization for the information security industry in Korea.

AKATI Sekurity

AKATI Sekurity

AKATI Sekurity is a security-focused consulting firm providing services specializing in Information Security and Information Forensics.

Aporeto

Aporeto

The Aporeto platform protects cloud applications from attack by authenticating and authorizing all communications with a cryptographically signed identity assigned to every workload.

Transpere

Transpere

Transpere provides IT Asset Disposition (ITAD), Data Destruction, Electronic Recycling and Onsite Data Services.

Institute for Security and Technology (IST)

Institute for Security and Technology (IST)

The Institute for Security and Technology's goal is to provide the tools and insights needed for companies and governments to outpace emerging global security threats.

Citizen Lab - University of Toronto

Citizen Lab - University of Toronto

Citizen Lab focuses on research and development at the intersection of cyberspace, global security & human rights.

Crispmind

Crispmind

Crispmind creates innovative solutions to some of today’s most challenging technology problems.

Cool Waters Cyber

Cool Waters Cyber

Cool Waters Cyber manage cyber security governance, risk and compliance.

Illustria

Illustria

Illustria is your agent-less “watchdog” for all open source libraries. Our mission is becoming a dev-velocity company, enabled via cyber security.

Resonance Security

Resonance Security

Resonance offers powerful cybersecurity aggregation software that makes protecting against full spectrum cybersecurity threats effortless no matter what your technical level, budget, or scope.