New facility at NTU to help firms assess cyber security of digital devices

Companies looking to evaluate the cyber-security robustness of their digital devices, including Internet of Things (IoT) products such as Wi-Fi routers and remote-controlled digital locks, can now do so at a new facility in Nanyang Technological University (NTU).

The National Integrated Centre for Evaluation will contribute to research and development in advanced security evaluation techniques, such as those for software and hardware security protection.

The $19.5 million facility, a collaboration between NTU and the Cyber Security Agency (CSA) of Singapore, was officially opened last Wednesday.

Its cyber-security evaluation equipment can be accessed by companies, and a pool of research and technical staff will be present at the centre to assist firms seeking to use the equipment.

The facility will also provide professionals in the cyber-security as well as testing, inspection and certification industries with training courses, which are aimed at upskilling them or furthering their academic qualifications.

Minister for Communications and Information Josephine Teo, the guest of honour at the opening ceremony, said the centre brings together industrial and research expertise in cyber-security evaluation under one roof.

"This is incidentally also a first for the testing, inspection and certification industry in the Asean region," said Mrs Teo, who is also Minister-in-charge of Smart Nation and Cybersecurity.

Noting that some experts had estimated there could be up to 64 billion IoT devices globally - or about eight products per person - by 2025, Mrs Teo said the number of such devices here can be expected to increase exponentially as well.

"Each of the devices could contain any number of vulnerabilities which allow hackers to steal sensitive data, compromise privacy or even take over control to conduct cyber attacks or cause physical impact," she said.

"To guard against such risks, it is inevitable that device manufacturers respond to customer concerns through testing and certification."

In her speech, Mrs Teo announced a new initiative to complement the Cybersecurity Labelling Scheme (CLS), which assesses the cyber-security levels of smart devices and certifies them under one of four levels, with Level 4 the highest rating.

The new initiative, CLS-Ready, will assess and label device components such as semiconductor chips that have undergone testing required for a Level 4 rating.

Devices using a CLS-Ready certified component can rely on the certification of the component to meet Level 4 rating requirements.

In a statement, CSA said device manufacturers leveraging CLS-Ready certified components can focus on developing the functionalities of their products without having to invest heavily in a team to develop the cyber-security aspects of these devices.

Chip manufacturers will also stand to benefit as a single piece of CLS-Ready hardware will be able "to support multiple end devices, thus expanding their market reach", the agency said.