The US Security Standard For IoT Devices

Uploaded on 2023-10-09 in NEWS-Cybersecurity News, GOVERNMENT-National, FREE TO VIEW, TECHNOLOGY-Key Areas-Internet of Things

The US government has launched its long-awaited Internet of Things (IoT) cyber security labelling program with the aim of protecting people the security risks associated with Internet-connected devices. Now, the US Federal Communications Commission (FCC) has released a cyber security labelling program to improve users security of the IoT.

“These smart devices or products might include home office routers, digital personal assistants, home security systems, voice-activated shopping, Internet-connected appliances, fitness trackers, GPS trackers, medical devices, garage door openers, and baby monitors,” the FCC has said in a press release.

The aim is to “To provide consumers with the peace of mind that the technology being brought into their homes is reasonably secure, and to help guard against risks to communications,” says the US Government Federal Register.

The FCC says the program will be similar to the Energy Star program, which helps users identify energy-efficient appliances, and promote more cyber secure smart devices.

The enormously growing numbers of smart products already connected to networks bring enormous security challenges.

IoT devices are susceptible to a wide range of vulnerabilities, such as default passwords, a lack of regular security updates, weak encryption, and insecure authentication. Furthermore, since IoT devices are often installed in public spaces or remote locations, their physical security may also be compromised, vulnerable to theft, tampering, vandalism, or unauthorised access.

FCC Chairwoman Jessica Rosenworcel contends that while beneficial, increased interconnection also brings increased security risk, saying: “Smart devices make our lives easier and more efficient…But increased interconnection also brings increased security and privacy risks”

“After all, every device connected to the Internet is a point of entry for the kind of cyber attacks that can take our personal data and compromise our safety.” she said.

These new proposals aim to assure users that the manufacturers adhere to widely accepted cyber security standards. However, there was a proposed requirement that manufacturers disclose the length of time they’ll provide security updates for their devices and whether they’ll fix known security vulnerabilities, which raises issues.

Another possible risk is increased manufacturing costs are also a risk, which might make devices more expensive, although many will agree that the FCC’s proposal is a step in the right direction, but some are still hoping for further and mandatory security requirements.

I-His:     FCC:     FCC:     FCC:     NIST:     Tech Crunch:     Federal Register              Image: Stephen Phillips

You Might Also Read:

Blockchain Is The New IoT Standard:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« China Accuses The US Of Spying On Huawei
The Rapid Rise In DNS Attacks Demands New Approaches To Cyber Defense »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

ON-DEMAND WEBINAR: Gen AI for Security: Adoption strategies with Amazon Bedrock

ON-DEMAND WEBINAR: Gen AI for Security: Adoption strategies with Amazon Bedrock

Watch this webinar and get a comprehensive roadmap for securely adopting generative AI using Amazon Bedrock, a fully managed service that offers a choice of high-performing foundation models (FMs).

Paessler

Paessler

Paessler is a leading worldwide provider of network monitoring software.

Atlantic Council

Atlantic Council

The Atlantic Council's Cyber Statecraft Initiative focuses on international cooperation, competition, and conflict in cyberspace.

Exabeam

Exabeam

Exabeam is a global cybersecurity leader that delivers AI-driven security operations.

Havelsan

Havelsan

HAVELSAN is a leading technology company in Turkey developing indigenous systems for domestic and foreign military, public and private sector clients.

Aporeto

Aporeto

The Aporeto platform protects cloud applications from attack by authenticating and authorizing all communications with a cryptographically signed identity assigned to every workload.

Fyde

Fyde

Fyde helps companies with an increasingly distributed workforce mitigate breach risk by enabling secure access to critical enterprise resources.

ETSI

ETSI

ETSI is a European Standards Organization dealing with telecommunications, broadcasting and other electronic communications networks and services including cybersecurity.

Centre for Multidisciplinary Research, Innovation & Collaboration (C-MRiC)

Centre for Multidisciplinary Research, Innovation & Collaboration (C-MRiC)

C-MRiC collaborates on initiatives, ranging from national cyber security, enterprise security, information assurance, protection strategy, climate control to health and life sciences.

Hazy

Hazy

Hazy specialises in financial services, helping some of the world’s top banks and insurance companies reduce compliance risk.

Defensity

Defensity

Defensity offer bespoke & pre packaged IT Security Solutions for Small business to help companies reduce overall IT related risk.

HB-Technologies

HB-Technologies

HB-Technologies is pioneer in Africa, in digital security, embedded electronic and IT solutions based on highly secure smart cards that comply with international standards and norms.

DataSixth Security Consulting

DataSixth Security Consulting

DataSixth delivers Cybersecurity Intelligence. With our unique capabilities, we’re able to deliver value, deliver answers, and deliver actionable security intelligence.

Nemstar

Nemstar

Nemstar is a specialist in Information Security & Cyber Training with over 25 years' industry experience.

Training.com.au

Training.com.au

Training.com.au is a comparison website through which those looking to learn about different aspects of cyber security can compare learning courses from training providers from across Australia.

G-71

G-71

G-71 LeaksID is a cutting-edge ITM technology aimed at safeguarding sensitive documents from insider threats.

Crypto Legal

Crypto Legal

Crypto Legal is a leading UK-based law firm specialising in blockchain forensics and legal services.