Singapore is introducing a new Cybersecurity labelling scheme starting from home routers and smart home hubs, to enable informed decisions by consumers as well as to push the development of an industry basic standard by manufacturers.
Which are the security risks of IoT?
The advent of the Internet of Things (IoT) made the seemingly impossible, possible: as described by the Alliance for Internet of Things Innovation (AIOTI), IoT enabled multitudes of smart devices connecting and communicating with each other through one or several heterogeneous networks. Like any technological advance, IoT offers great opportunities but it also harbours substantial risks. In particular, as AIOTI states:
1. In the IoT, every networked device is a potential target for hackers.
2. In general, no user of a networked device – be it a business or a consumer – can be absolutely sure that the device only features those functions and only executes those data flows that have been specified by the persons or bodies authorised to do so.
To strengthen the trust of consumers, many organizations are working towards the development of the basic requirements for security and privacy.
What is the new Cybersecurity Labelling Scheme?
The Cyber Security Agency (CSA) of Singapore recently announced a new initiative on connected devices cybersecurity: the Cybersecurity Labelling Scheme (CLS). This initiative aims on one side, to enhance consumer awareness enabling them to make informed purchasing decisions, on the other to push manufacturers towards the development of an industry basic set of cybersecurity standards. As a first deployment step, the CLS will be applied on home routers and smart home hubs, prioritized among all connected devices due to their expected high adoption rate. In practical terms, the future cybersecurity labels will display which are the security provisions in each registered product, based on a defined set of assessments and tests, like: the absence of common software vulnerabilities, the presence of unique default password, and other basic security requirements.
To ensure the success of those initiatives, Singapore is not only working on process improvements, but also on people upskilling. That's why CSA will introduce the SG Cyber Talent program: the idea is to grow the sensibility towards cybersecurity among young citizens reaching out more than 20000 people over 3 years.
How is Singapore committing towards cybersecurity?
Singapore has been investing since 2005, partnering with agencies and private sectors to design protection strategies from cyber threats. The CLS is just one of the efforts Singapore is doing towards the protection of citizens on data privacy and cyber well-being. Another interesting initiative, for example, is the upcoming revision of the existing IoT Cybersecurity Guide, by the Infocomm Media Development Authority (IMDA), to promote security by design in all IoT technology related companies. Further examples of ongoing initiatives are: the introduction of measures to combat scam calls by the newly-established Inter-Ministry Committee on Scams, or the recently released guidelines on the responsible use of biometric technology by the Personal Data Protection Commission (PDPC).