New cyber security label for smart devices

Scheme aimed at guiding consumer decisions could raise standards for such gadgets globally

From smart speakers to high-tech light bulbs, Internet of Things devices are expected to surge in popularity.
From smart speakers to high-tech light bulbs, Internet of Things devices are expected to surge in popularity.PHOTO: JBL

A new labelling scheme to indicate the cyber security levels of home devices has been launched here, with plans to have the standards adopted at the international level.

The Cybersecurity Labelling Scheme (CLS) will be similar to energy labels, with a tiered reference to security levels to help consumers make informed decisions.

The voluntary scheme was launched yesterday at the Asean Ministerial Conference on Cybersecurity - held as part of the fifth Singapore International Cyber Week - at Marina Bay Sands.

Communications and Information Minister S. Iswaran said at the event that the scheme will strengthen cyber security around Singapore's Internet of Things (IoT), and could raise the global security standards of IoT devices. IoT refers to physical devices linked to one another and the Internet.

"The scheme is the first of its kind in the Asia-Pacific. It establishes cyber security rating levels for registered smart devices, such as home routers and smart home hubs," said Mr Iswaran, who is also Minister-in-charge of Cybersecurity.

"Manufacturers of IoT devices can voluntarily apply for the CLS."

The Cyber Security Agency of Singapore (CSA) will be administering the label, which was introduced earlier this year. The agency is waiving application fees for the first year to encourage adoption.

Mr Iswaran said the Government intends to use the label to raise the security standards of products not only in Singapore, but also internationally. "With the labels, consumers can easily assess the level of security of each device and make informed purchasing choices," he said.

"CSA plans to work with Asean member states and other international partners to establish mutual recognition arrangements for the CLS, to enhance security standards of the global IoT device market."

From smart speakers to high-tech light bulbs to robot vacuum cleaners, IoT devices are expected to surge in popularity.

Market research firm Gartner has estimated that IoT devices in use will grow from 8.4 billion globally in 2017 to 20.4 billion this year, with twice as many consumer installations as industrial ones.

Singapore's cyber security labelling scheme follows the European Union's standard for IoT devices, which spells out the minimum standards for manufacturers to meet, including having no default passwords and ensuring that there are regular software updates over the air without user supervision.

Singapore is among the first group of nations to adopt such a standard.

There are four levels in the scheme, each represented by an asterisk. In order to pass the standards for the first two levels, manufacturers need to submit a declaration of compliance along with supporting evidence. For the two higher levels, they will need to submit an assessment report by a laboratory approved by CSA.

The agency started accepting applications for the label yesterday. The labels will first be rolled out to Wi-Fi routers and smart home hubs, due to their wide use and potential security risks.

Mr Ronnie Lee, general manager of Lenovo Singapore, said the firm plans to apply the CLS to its IoT devices, adding that the scheme comes at a good time, with customers becoming increasingly concerned about cyber security.

"It will benefit customers, who can now make informed decisions on which devices to purchase, depending on the different security levels they may require," he said.

A version of this article appeared in the print edition of The Straits Times on October 08, 2020, with the headline 'New cyber security label for smart devices'. Print Edition | Subscribe