MWC Speaker Urges FCC to Move Forward on Cyber Trust Mark Program
Eric Tamarkin, Samsung's public policy counsel, called on the FCC to move forward to fully implement the voluntary cyber trust mark program, approved by FCC commissioners 5-0 in March 2024 (see 2403140034). Tamarkin spoke during the final policy panel of the Mobile World Congress last week in Las Vegas.
Sign up for a free preview to unlock the rest of this article
If your job depends on informed compliance, you need International Trade Today. Delivered every business day and available any time online, only International Trade Today helps you stay current on the increasingly complex international trade regulatory environment.
Questions remain about the program after FCC Chairman Brendan Carr, who labeled it “a Biden-era cybersecurity program,” said in June that participants were being investigated for possible ties to China (see 2506200059). The agency cited concerns about UL Solutions, which was designated as the lead administrator, and other participating companies.
UL Solutions took steps last week to address the FCC's issues. In a filing in docket 25-270, it said JV Entity, a joint venture between UL and China Certification & Inspection, is withdrawing as an FCC-recognized testing laboratory and “has ceased all testing under the equipment authorization program.” The company was one of those cited by the FCC in September as it clamps down on China-owned labs (see 2509080058). UL didn’t immediately comment Friday.
“When the government reopens, we really hope that the FCC prioritizes implementation of this important program,” Tamarkin said. He noted that the first Trump administration raised concerns about botnets and IoT security in 2017. The trust mark is “basically a government-endorsed mark” on IoT devices indicating that they have met baseline security measures from the National Institute of Standards and Technology, including encryption, software updates and secure passwords, he said.
The trust mark program is good for manufacturers and consumers, Tamarkin added, “but it's also good for national security and the carriers that are here at the show, because if we can secure IoT devices, we can make sure network traffic is more secure, and we can make sure that critical infrastructure is protected.”
“Securing 5G means embedding security in every layer” of the network, said Alana Scott, director of security frameworks at Ericsson. “We've built security into our architecture using zero-trust principles, continuous monitoring and advanced threat analytics to ensure resilience.”
Scott said AI should be viewed, in part, as a tool for defending networks. Ericsson uses it to detect anomalies, automate threat responses and reduce the time to mitigate problems, she noted. AI isn’t “a silver bullet, but a force multiplier … when integrated responsibly into an existing cyber defense architecture.”
Tamarkin said questions remain about implementation of the Cyber Incident Reporting for Critical Infrastructure Act of 2022, which was intended in part to harmonize reporting of cyber incidents among federal agencies (see 2412160040). Those rules now aren’t expected from the Cybersecurity and Infrastructure Security Agency until next May, he said.
As a multinational company operating in many markets around the world, Samsung is “tracking a Kansas-size tornado of different reporting requirements on cyber incidents from Korea, Japan, Australia, the U.K., EU and the United States,” Tamarkin said.