Cyber-security label for smart home devices
By Irene Tham
A cyber-security label similar to the energy-efficiency labels on home appliances will be rolled out to help buyers of smart devices better judge how exposed they are to cyber risks. This label will be stuck on Wi-Fi routers and smart home hubs for a start, as part of Singapore’s new Safer Cyberspace Masterplan designed to protect consumers and small firms.
The labelling scheme will be extended to more Internet of Things (IoT) or connected devices to help users, who are often unaware of the security risks.
Announced by Senior Minister of State for Communications and Information Janil Puthucheary in Parliament yesterday, the initiative aims to address this “growing area of concern”.
“The scheme will raise consumer awareness of more secure products and aims to encourage manufacturers to adopt additional cyber-security safeguards,” said Dr Janil during the debate on the Ministry of Communications and Information’s budget.
To be launched later this year, the scheme will initially be voluntary, administered by the Cyber Security Agency of Singapore (CSA).
Singapore’s labelling scheme will follow the European Union’s standard for IoT devices, which spells out the minimum standards for manufacturers, including having no default passwords and ensuring there are regular software updates over the air without user supervision.
Singapore is among the first group of countries to adopt the standard.
CSA said that the labels will indicate the security provisions present in the smart devices. More details will be announced later.
From robot vacuum cleaners to smart light bulbs and door locks, IoT devices are poised to surge in popularity.
Market research firm Gartner has estimated that the number of IoT devices in use globally will grow from 8.4 billion in 2017 to 20.4 billion this year, with twice as many consumer installations as industrial ones.
But the rules surrounding how IoT devices are designed for cyber security are lax, raising concerns about major privacy and security risks as such devices proliferate.
Dr Janil, who is also Minister-in-charge of the Government Technology Agency that is behind the public sector’s technology transformation, said a public consultation is in the works to establish minimum IoT security standards.
The initiative is part of Singapore’s new Safer Cyberspace Masterplan, which will be launched later this year.
The masterplan will broadly contain measures to help consumers and small businesses stay cybersafe, but its details are still being worked out.
It complements other plans launched previously for critical service sectors like energy, telecommunications and banking, said Dr Janil, in answering questions from several MPs on the Government’s cyber-security efforts.
The earlier plans include the Operational Technology (OT) Cybersecurity Masterplan, launched last year. It addresses OT systems, including traffic light controls, train-signalling systems, sensors detecting the chemical content in drinking water and the electricity grid.
Consumers welcome the cyber-security labels. Technology consultant Larry Leong, 52, likened them to hawkers’ hygiene labels, saying the scheme would raise cyber-security awareness among consumers.
“However, the devil is in the details, including manufacturers’ willingness to have their product designs audited,” said Mr Leong.
Security also comes at a cost, said Mr Aloysius Cheang, a board director at the International Information System Security Certification Consortium, a United States-based non-profit entity.
“Even if manufacturers choose to adopt the labels, the hassle and additional costs involved could make our market unattractive.