How Singapore is tackling the smart device security issue
With the advent of the Internet of Things (IoT) today, one cannot go far without being connected to thing, or to one another.
Without a doubt, connectivity is a good thing. It has made the seemingly impossible possible (a mere 10 years ago, who would have known that it was possible to hail a cab with just with a tap on a screen?).
It’s even saved lives; just last year, for example, a man’s Apple watch had notified him of an irregular heartbeat, allowing him to get timely treatment before having a full-blown heart attack.
Such connected ‘smart’ devices, however, come with a drawback. Due to the extensiveness of connectivity, pockets of opportunity are aplenty for cyber-attacks. These can be devastating – a compromised device will easily increase the vulnerability of other connected devices. Sensitive data could be compromised as a result.
In an effort to mitigate the risk of cyber breaches as connected devices continue to proliferate, the Cyber Security Agency of Singapore has recently introduced the Cybersecurity Labelling Scheme (CLS) which aims to help consumers make informed purchasing choices about network-connected smart devices.
This, said the Senior Minister of State for Communications and Information (MCI), Janil Puthucheary, will address a “growing area of concern in the country-IoT.”
“Going forward, the use of these devices will only proliferate. However, users are often oblivious to the fact that security in these devices are weak and can easily be infiltrated.”
These labels will provide detailed security provisions in registered products. This will be done based on a series of assessments that determine if there are software vulnerabilities, as well as if products meet basic requirements, such as ensuring unique default passwords.
The scheme is a first in the Asia-Pacific region, and the MCI will first implement it on two products, namely WiFi routers and smart home hubs.
CLS is also structured in a way that is aligned to widely accepted global security standards for consumers of IoT products.
It has a twofold purpose: not only does it help customers make informed decisions, it also forces manufacturers and product vendors to prioritize product security.
All too often, security takes a backseat as consumer products are designed primarily with functionality and cost in mind. Puthucheary also noted that products have a short time-to-market cycle, and “there is less scope for cybersecurity design to be incorporated at the beginning.”
Singapore has been hard at work when it comes to cybersecurity. Since 2005, the country has been partnering with agencies and private sectors to formulate strategies to protect services from cyber threats, and to create secure cyberspaces for businesses and communities.
These strategies have evolved over the years to combat equally evolving threats. The CLS in itself is an initiative under the new Safer Cyberspace Masterplan, a larger plan with the goal of empowering a cyber-savvy population, raise cyber hygiene levels, and securing the country’s digital core.