Jump in number of smart devices recognised as secure under Singapore national label

By using gadgets certified under the Cybersecurity Labelling Scheme, consumers are less likely to encounter cyber risks. PHOTO: ST FILE

SINGAPORE - A national labelling scheme that helps consumers figure out how secure the smart devices they buy, like Wi-Fi routers, are against cyber risks has had a jump in the number of certified devices in six months - from 13 in April to 40 now.

By using gadgets certified under the Cybersecurity Labelling Scheme, consumers are less likely to encounter incidents such as cyber criminals hacking into Internet Protocol (IP) cameras to peep on them, or breaking into home routers to access the data that victims send over the Internet.

The scheme's most recently added devices were labelled on Sept 30, including 14 Wi-Fi routers from search giant Google and major router brand Asus.

This is amid interest from consumers for the labelling initiative, which certifies Internet of Things (IoT) products such as routers and IP cameras.

Survey findings released by cyber-security firm McAfee in May found that half of adults in Singapore said they would consider buying gadgets under the Cyber Security Agency of Singapore's (CSA) scheme.

The voluntary labelling scheme was launched about a year ago and, so far, CSA has received more than 100 applications.

It was meant to help address mounting concerns that hackers are increasingly targeting Internet-connected devices even as an explosion of these gadgets is predicted. For instance, McAfee found that the number of new IoT malware grew globally by 58 per cent from the fourth quarter of 2019 to the first quarter of last year.

The cyber-security labels have four rating levels, with Level 1 meaning the device maker has ensured there is a unique log-in password and software updates are pushed automatically to the products.

The highest Level 4 rating requires products to be sent for structured penetration tests conducted by CSA-approved third-party labs.

For now, four devices have obtained the Level 4 rating - the Government Technology Agency's TraceTogether contact tracing token, one Google Nest router and two Asus routers.

Other IoT devices certified under the national scheme include smart curtains, smart lights, smart switches, firewall devices, smart home hubs and more routers from Aztech, BroadLink, Home-A-Genius, HomeAuto Solutions, Koble, Prolink, Signify and TeamRed Labs.

Senior Minister of State for Communications and Information Janil Puthucheary also announced on Wednesday (Oct 6) that Singapore was signing an agreement with Finland to mutually recognise the cyber-security labels for IoT gadgets issued by each country.

Under the agreement, products certified under Finland's Cybersecurity Label will be recognised in Singapore as having achieved a Level 3 rating under Singapore's labelling scheme, and vice versa.

This is the first such mutual recognition of labels and CSA said it will "continue to engage other like-minded partners to facilitate more of such recognitions".

The Government Technology Agency's TraceTogether contact tracing token (above) has obtained the Level 4 rating. PHOTO: ST FILE

Such moves are planned to reduce duplication in testing devices across different countries, said the agency. They are also aimed at improving the ability of manufacturers to sell their IoT devices with the cyber-security labels across countries.

CSA's Cybersecurity Labelling Scheme is also planned to be extended beyond consumer products.

The Google Nest router (above) has obtained the Level 4 rating. PHOTO: GOOGLE

Currently, the scheme's principles have been used to inform the development of a new national standard that can be adopted by manufacturers, developers, testing bodies and suppliers of consumer IoT devices globally.

Dubbed Technical Reference 91, it was launched on Wednesday by CSA and the Singapore Standards Council, which is overseen by Enterprise Singapore.

"We hope that (the standard) can encourage more IoT manufacturers to be proactive in building safe and secure consumer IoT devices," said Dr Janil.

He also announced that CSA is tapping the defence system and capabilities of partners to give the agency early-warning alerts on IoT attacks.

These could, for instance, be attacks mounted by hackers controlling malware-infected IoT gadgets to disrupt other systems in Singapore.

CSA said the insights from the partnership could also allow Singapore to develop and put in place policies and measures to safeguard against threats.

The partners working with the agency are the Global Cyber Alliance - a non-profit organisation based in New York, London and Brussels that seeks to make the Internet a safer place - and home-grown cyber-security firm Ensign InfoSecurity.

"We hope that the result of this partnership will be a better prepared and safer IoT cyberspace that can safeguard our digital economy and our digital way of life," said Dr Janil.

Join ST's Telegram channel and get the latest breaking news delivered to you.