Internet of Things (IoT) devices have become an integral part of our daily lives and have revolutionised the way we live and interact with technology. From smart home devices to wearable fitness trackers, IoT has been woven so seamlessly into our daily lives that we often don’t think about it. And that’s the beauty of it.
However, many consumer IoT products are designed with a focus on functionality and cost, often neglecting cybersecurity provisions. This leaves these devices vulnerable to cyberattacks, compromising consumer privacy and data. The Mirai botnet attack in 2016, which utilised IoT devices, serves as a stark reminder of the potential risks associated with insecure IoT devices.
Government intervention
Thankfully, governments are taking steps to address these risks and enabling consumers to make more informed decisions. Most recently, the US has launched its Cyber Trust Mark, a voluntary labelling programme to drive awareness around the security provisions of these smart devices, so that consumers are aware before buying into said product.
This comes in the wake of similar regulations that have mushroomed like the EU’s Cyber Resilience Act. Closer to home, Australia has also rolled out a similar cybersecurity label scheme for IoT devices. One of the earliest adopters of this initiative goes to Singapore — the Cybersecurity Labelling Scheme (CLS) introduced by the Cyber Security Agency of Singapore (CSA) was the first of its kind in the APAC region.
In view of the ongoing efforts by companies and governments across the globe, working towards safeguarding IoT devices, and establishing international standards for IoT security, we sit down with Kelvin Lim, Director of Security Engineering, Asia Pacific, Synopsys Software Integrity Group, to understand more about how the CLS IoT labelling scheme has been doing in Singapore so far, and the lessons other organisations can take away in the space of security.
With emerging regulations along these lines in other regions, how has the Singapore Cybersecurity Labelling Scheme (CLS) been received in Singapore?
Kelvin Lim: CLS has been well-received by industry experts and manufacturers. There are several global, regional, and local manufacturers of IoT products having their products tested here. As of 14 August this year, Singapore has already certified 287 products through the CLS program. This success speaks for itself, and the fact that another labelling scheme has since been rolled out specifically to include medical devices (Cybersecurity Labelling Scheme for Medical Devices — CLS(MD)) shows a proactive stance of the Singapore government to push for a safe and secure smart nation.
CLS will help raise the bar of cybersecurity in Singapore and make the country an attractive destination for businesses to manufacture smart devices. For consumers, the easy-to-understand labels will enable even non-tech-savvy individuals to easily make informed decisions about the level of cybersecurity protection of the product they purchase.
How has this impacted the medical device industry in particular?
More medical device manufacturers will adopt the standard as it gains recognition and traction in Singapore. By extending the CLS to medical devices, Singapore has emphasised the importance of cybersecurity in healthcare technologies. This will compel medical device manufacturers to prioritise the security of their devices, ensuring the safety and privacy of patients.
Has this impacted consumer preference?
Today’s consumers are discerning. Increasingly so, they are invested in how their personal data is being used and stored, and how businesses are handling their private information. In light of this, consumers are more likely to buy a smart product with a CLS label. It serves as a reassuring benchmark that the smart products they purchase and use have gone through rigorous testing and a higher level of security is ensured.
However, consumers who are not aware of CLS may gravitate towards well-known brand names or manufacturers with a global presence. That will give them the confidence that the security of the devices they have purchased is looked into and secure, even though they may not be certified under the CLS scheme, or are on par with the security benchmark in Singapore.
How has the mutual recognition of Germany’s labelling scheme been received, and has it produced additional results/value since it was finalised in October of last year?
This collaboration between Singapore and Germany demonstrates the value of international cooperation in advancing IoT cybersecurity. The mutual recognition was received positively by industry experts and manufacturers alike. The agreement not only saves the manufacturers money and time on duplicate testing but also opens up access to new markets.
The Future of IoT
Looking ahead, the future of IoT labelling is promising. IoT labelling serves as a trust mark, providing consumers with the assurance that certified devices meet stringent cybersecurity standards. It also encourages manufacturers to prioritise cybersecurity in their product development process.
As the IoT landscape continues to evolve, it is imperative that consumers, manufacturers, and governments work together to build a secure and resilient IoT ecosystem. By understanding the emerging risks in IoT security and implementing robust application protection measures, we can harness the full potential of IoT.
*This article was written by Hui Peng, Melissa and Ian from McGallen & Bolden Pte Ltd.