Singapore to Enforce Cybersecurity Labelling Scheme for IoT Devices

Singapore has joined the countries that elaborate on a cybersecurity labeling scheme allowing users to quickly assess a product’s security before buying it, according to the Cyber Security Agency of Singapore (CSA).

Australia and the UK are just two of the countries looking to regulate the chaotic Internet of Things ecosystems. Its poor security track record makes IoT a perfect candidate for this kind of regulation, which doesn’t necessarily pressure manufacturers into making the devices safer, just to make them accordingly for sale.

Many IoT devices don’t spend a lot of time in production, and companies aim to bring them to market as quickly as possible, ignoring many security features. Coupled with quick obsolescence, IoT devices become infection vectors for threat actors and, sometimes, part of botnets that bad actors build to launch Distributed Denial of Service (DDoS) attacks.

“The Cybersecurity Labelling Scheme (CLS) is the first of its kind in the Asia-Pacific region,” says CSA. “Under the scheme, smart devices will be rated according to their levels of cybersecurity provisions. This will enable consumers to identify products with better cybersecurity provisions and make informed decisions.”

“The CLS also aims to help manufacturers stand out from their competitors and be incentivised to develop more secure products. Currently, consumer smart devices are often designed to optimise functionality and cost. They also have a short time-to-market cycle, where there is less scope for cybersecurity to be incorporated into product design from the beginning.”

The first in line to be labeled according to the new scheme are Wi-Fi routers and smart home hubs because they are widely used and, when they are compromised, they can affect a large number of other devices connected to them.

The CSA won’t impose any application fees until December 6, 2021.