The US Security Standard For IoT Devices

The US government has launched its long-awaited Internet of Things (IoT) cyber security labelling program with the aim of protecting people the security risks associated with Internet-connected devices. Now, the US Federal Communications Commission (FCC) has released a cyber security labelling program to improve users security of the IoT.

“These smart devices or products might include home office routers, digital personal assistants, home security systems, voice-activated shopping, Internet-connected appliances, fitness trackers, GPS trackers, medical devices, garage door openers, and baby monitors,” the FCC has said in a press release.

The aim is to “To provide consumers with the peace of mind that the technology being brought into their homes is reasonably secure, and to help guard against risks to communications,” says the US Government Federal Register.

The FCC says the program will be similar to the Energy Star program, which helps users identify energy-efficient appliances, and promote more cyber secure smart devices.

The enormously growing numbers of smart products already connected to networks bring enormous security challenges.

IoT devices are susceptible to a wide range of vulnerabilities, such as default passwords, a lack of regular security updates, weak encryption, and insecure authentication. Furthermore, since IoT devices are often installed in public spaces or remote locations, their physical security may also be compromised, vulnerable to theft, tampering, vandalism, or unauthorised access.

FCC Chairwoman Jessica Rosenworcel contends that while beneficial, increased interconnection also brings increased security risk, saying: “Smart devices make our lives easier and more efficient…But increased interconnection also brings increased security and privacy risks”

“After all, every device connected to the Internet is a point of entry for the kind of cyber attacks that can take our personal data and compromise our safety.” she said.

These new proposals aim to assure users that the manufacturers adhere to widely accepted cyber security standards. However, there was a proposed requirement that manufacturers disclose the length of time they’ll provide security updates for their devices and whether they’ll fix known security vulnerabilities, which raises issues.

Another possible risk is increased manufacturing costs are also a risk, which might make devices more expensive, although many will agree that the FCC’s proposal is a step in the right direction, but some are still hoping for further and mandatory security requirements.

I-His:     FCC:     FCC:     FCC:     NIST:     Tech Crunch:     Federal Register              Image: Stephen Phillips

You Might Also Read:

Blockchain Is The New IoT Standard:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« China Accuses The US Of Spying On Huawei
The Rapid Rise In DNS Attacks Demands New Approaches To Cyber Defense »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

MobileIron

MobileIron

MobileIron provides EMM capabilities to IT organizations that need to secure mobile devices, applications and content.

Trend Micro

Trend Micro

Trend Micro is a leader in hybrid cloud, endpoint, and network security solutions.

Global Learning Systems (GLS)

Global Learning Systems (GLS)

Global Learning Systems provides security awareness and compliance training programs for employees that effectively promote behavior change and protect your organization.

Adlink Technology

Adlink Technology

ADLINK is a leading provider of embedded computing products and services for applications including IoT and industrial automation.

Versa Networks

Versa Networks

Versa is a software-defined networking vendor providing an end-to-end solution that both simplifies and secures the WAN/branch office network.

Data61

Data61

Data61 is Australia’s leading digital research network offering the research capabilities, IP and collaboration programs to unleash the country’s digital & data-driven potential.

DataArt

DataArt

DataArt is a global technology consultancy that designs, develops and supports unique software solutions. Areas of activity include software security testing.

Havelsan

Havelsan

HAVELSAN is a leading technology company in Turkey developing indigenous systems for domestic and foreign military, public and private sector clients.

Sixgill

Sixgill

Sixgill, an IoT sensor platform company, builds the universal data service and smart process automation software allowing any organization to effectively govern its IoE assets.

DeepSeas

DeepSeas

DeepSeas is the result of a merger between Security On-Demand (SOD) and the commercial Managed Threat Services (MTS) business of Booz Allen Hamilton.

Software Diversified Services (SDS)

Software Diversified Services (SDS)

SDS provides the highest quality mainframe software and award-winning, expert service with an emphasis on security, encryption, monitoring, and data compression.

SystemExperts

SystemExperts

SystemExperts is a premier provider of IT compliance and cyber security consulting services.

AutoSec

AutoSec

AutoSec supports the FFI program Electronics, Software and Communication by dissemination and exploitation of the results of projects related to automotive cybersecurity.

Toka Group

Toka Group

Toka empowers government agencies with critical and previously out-of-reach digital forensics, force protection and Intelligence capabilities, tackling the fields' most pressing challenges.

Castlepoint Systems

Castlepoint Systems

Castlepoint Systems is a pioneer in information governance, risk and compliance as a service. An all-in-one solution offering powerful risk management, built in compliance, cybersecurity and audit.

Cyber Security Council UAE

Cyber Security Council UAE

The Cyber Security Council's vision is to protect UAE cyberspace, maintain confidence in our digital infrastructure and institutions, and build a cyber-resilient society.