Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Federal Communications Commission. Show all posts

Cyber Trust Mark: U.S. Administration Introduces Program to Boost Home Security


This Tuesday, Joe Biden’s government announced a ‘U.S. Cyber Trust Mark’ program that will focus on cybersecurity certification and product labels of smart home tech, as a step to help consumers choose products that provide better protection against cyber activities.

The new program was proposed by the Federal Communications Commission Chairwoman Chairperson Jessica Rosenworcel. The program apparently aims at helping consumers make well-informed decisions over purchasing products, like identifying the marketplace with advance cybersecurity standards.

"The goal of the program is to provide tools for consumers to make informed decisions about the relative security of products they choose to bring into their homes," the administration said.

U.S. Cyber Trust Mark

Under the proposed programs, consumers are likely to see a newly formed “U.S. Cyber Trust Mark” label, that will serve as a shield logo, distinguishing the products that satisfies the established cybersecurity criteria. Apparently, these criteria will be decided by the National Institute of Standards and Technology (NIST), which will include criteria like unique and strong default passwords, data protection, software updates and incident detection capabilities.

According to the administration, a number of significant retailers, trade groups, and manufacturers of consumer goods such electronics, appliances, and consumer goods have made voluntarily commitments to improve cybersecurity for the products they sell. Amazon, Best Buy, Google, LG Electronics USA, Logitech, and Samsung Electronics are among the participants.

Plans for the program was prior discussed by the Biden administration in late 2022 to establish a voluntary initiative with internet of things makers to help ensure products meet minimum security standards.

Reportedly, the FCC, which is responsible for regulating wireless communication devices is set to seek public comment regarding the labeling program by 2024.

According to the administration, the FCC is applying for registration to the U.S. Patent and Trademark Office to register a national trademark that would be used on products that satisfy the predetermined standards. 

"The proposal seeks input on issues including the scope of devices for sale in the U.S. that should be eligible for inclusion in the labeling program, who should oversee and manage the program, how to develop the security standards that could apply to different types of devices, how to demonstrate compliance with those security standards, how to safeguard the cybersecurity label against unauthorized use, and how to educate consumers about the program," the FCC notice says.

The proposal highlights inclusion of a QR code to products that will provide consumers with information, pending a certification mark approval by the U.S. Patent and Trademark Office.

AT&T Alerts Millions About Data Breach That Exposed Sensitive Information

 


An internal supply chain cyber-incident that occurred in AT&T's supply chain revealed some sensitive information belonging to tens of millions of the company's customers, exposing them to some serious vulnerabilities in their systems. 

A hacking incident did occur in January 2023 against AT&T's marketing vendor, resulting in a data breach of AT&T's system.  

Approximately 9 million clients of the company have been given a precautionary warning after unauthorized access to their personal information was discovered.  

According to the company, in addition to the first names of buyers, the company also uncovered wireless account numbers and smartphone numbers, as well as e-mail addresses. 

There have been specific instances where a small number of impacted clients have had their prices, late fees, monthly fee amounts, fluctuating monthly expenses, and/or minutes used exposed. These have been the name of the price plan, late amount, or late charges. Moreover, AT&T acknowledged that the data was a few years old and was not updated regularly. 

The representative of the company confirmed that the supply chain was at risk and that its methods would not be compromised. Additionally, the company mentioned that the collected information is frequently linked to eligibility for improvements to devices. Although there is no way to prevent it, the company notified the police immediately about the incident that happened. 

AT&T, in a report published on Wednesday, said that there was no information in the breach that involved payment details, account passwords, Social Security numbers, or any other information relating to an individual. Instead, the cyberattack allowed unauthorized access to information used to determine eligibility it said, characterizing the data as years old.  

The mobile carrier notified affected customers, it said. According to a notification posted on the AT&T Community forum.   The company informed its customers that they had notified federal law enforcement about unauthorized access to their CPNI as required by the Federal Communications Commission. 

The company's report to law enforcement does not contain specific information about their account, only that unauthorized access occurred.