Industry Groups Urge Fixes to FCC's Cybersecurity Labeling at House Hearing

WASHINGTON, January 17, 2024 – The Federal Communications Commission should make alterations to its proposed new labeling cybersecurity labeling system by making the label optional and increasing accessibility for consumers and the private sector, witnesses told a House subcommittee hearing on Thursday. 

In August, the FCC unveiled its proposed Cyber Trust Mark, a labeling program which would help consumers identify secure technologies that protect their privacy.

The FCC touted the cyber trust mark as a voluntary labeling program for connected smart devices, with a QR code providing updates on whether the product meets current cybersecurity standards.

Despite broadly supporting the agency’s proposed program, Tobin Richardson, CEO of Connectivity Standards Alliance – a constellation of companies that promote universal standards for the Internet of Things – suggested that the “FCC structure the program to allow it to be strong enough to meaningfully address IoT security, be flexible enough to incentivize private sector adoption, and be informative enough for consumers when they purchase new products.” 

He also suggested that the program remain voluntary and that the FCC not mandate the label. 

Alan Butler, executive director of consumer privacy group Electronic Privacy Information Center, said that a consumer website on the safety of their technologies could serve as an additional layer of protection. This would allow the FCC to limit the amount of information on the label and avoid confusing consumers. Consumers expect to understand if their devices could pose potential threats, he said. 

Clete Johnson, senior fellow of Center for Strategic and International Studies, urged the FCC to “establish the mark as an opt-in program.” 

Committee members and witnesses also discussed how generative artificial intelligence “lowers the barrier to entry” for cybercriminals to attack victims. 

The hearing also touched on the significant expenses organizations incur when trying to hire personnel necessary to protect themselves from cyberattacks. The witnesses also mentioned the necessity of “adaptive” technologies, which can be “upgraded” to address evolving threats. 

The United States has been exposed to various cyberattacks in recent years, causing lawmakers to scramble for solutions to potential cybersecurity vulnerabilities. In June 2023, several U.S. governmental agencies, including the Department of Energy, were victims of Russian cyberattacks. 

In July 2023, the Biden Administration issued a statement voicing support for the proposed Cyber Trust Mark, citing urgency of providing, “ tools for consumers to make informed decisions about the relative security of products they choose to bring into their homes”

In December 2023, it was revealed that Chinese hacking groups infiltrated critical governmental sectors including water, utilities, and gas pipelines.