Internet of Things (IoT) devices have become an integral part of our daily lives and have revolutionised the way we live and interact with technology. From smart home devices to wearable fitness trackers, IoT has been woven so seamlessly into our daily lives that we often don’t think about it. And that’s the beauty of it. However, many consumer IoT products are designed with a focus on functionality and cost, often neglecting cybersecurity provisions.
This leaves these devices vulnerable to cyberattacks, compromising consumer privacy and data. The Mirai botnet attack in 2016, which utilised Internet of Things devices, serves as a stark reminder of the potential risks associated with insecure Internet of Things devices.
Government intervention
Thankfully, governments are taking important steps to address these risks and enabling consumers to make more informed decisions. Most recently, the US has launched its Cyber Trust Mark, a voluntary labelling program to drive awareness around the security provisions of these smart devices, so that consumers are aware before buying into said product.
This comes in the wake of similar regulations that have mushroomed such as the EU’s Cyber Resilience Act. Closer to home, Australia has also rolled out similar cybersecurity label scheme for Internet of Things devices. One the earliest adopters of this initiative goes to Singapore — the Cybersecurity Labelling Scheme (CLS) introduced by the Cyber Security Agency of Singapore (CSA) was the first of its kind in the Asia Pacific region.
In view of the ongoing efforts by companies and governments across the globe, working towards safeguarding IoT devices, and establishing international standards for IoT security, we sit down with Kelvin Lim, Director of Security Engineering, Asia Pacific, Synopsys Software Integrity Group, to understand more about how the CLS IoT labelling scheme has been doing in Singapore so far, and the lessons other firms can take away in the space of security.
How has the CLS been received in Singapore?
CLS has been well-received by industry experts and manufacturers. There are several global, regional, and local manufacturers of IoT products having their products tested here. As of 14 August this year, Singapore has already certified 287 products through the CLS program.
This success speaks for itself, and the fact that another scheme has since been rolled out to include medical devices (Cybersecurity Labelling Scheme for Medical Devices) shows a proactive stance of the Singapore government to push for a safe and secure smart nation.
CLS will help raise the bar of cybersecurity in Singapore and make the country an attractive destination for businesses to manufacture smart devices. For consumers, the easy-to-understand labels will enable even the non-tech savvy individuals to easily make informed decisions about the level of cybersecurity protection of the product they purchase.
How has this impacted the medical device industry?
More medical device manufacturers will adopt the standard as it gains recognition and traction in Singapore. By extending the CLS to medical devices, Singapore has emphasised the importance of cybersecurity in healthcare technologies. This will compel medical device manufacturers to prioritise the security of their devices, ensuring the privacy of patients.
Any impact on consumer preference?
Today’s consumers are discerning. Increasingly so, they are invested in how their personal data is being used and stored, and how businesses are handling their private information. In light of this, consumers are more likely to buy a smart product with a Cybersecurity Labelling Scheme label. It serves as a reassuring benchmark that the smart products they purchase and use have gone through rigorous testing and a higher level of security is ensured.
But for consumers who are not aware of CLS, they may gravitate towards well-known brand names or manufacturers with global presence. It will give them the confidence that security of the devices they have purchased are looked into and secure, even though they may not be certified under the CLS scheme, or are on par with the security benchmark in Singapore.
This collaboration between Singapore and Germany demonstrates the value of international cooperation in advancing IoT cybersecurity. The mutual recognition was received positively by industry experts and manufactures alike. The agreement not only saves the manufacturers money and time on duplicate testing, but also opens up access to new markets.
The Future of IoT
The future of IoT labelling is promising. IoT labelling is a trust mark, providing consumers with the assurance that certified devices meet stringent cybersecurity standards. It also encourages manufacturers to prioritise cybersecurity in their product development process.
As the Internet of Things landscape continues to evolve, it is imperative that consumers, manufacturers, and governments work together to build a secure and resilient Internet of Things ecosystem. By understanding the emerging risks in Internet of Things security and implementing robust application protection measures, we can harness the full potential of IoT.
Kelvin Lim is the Director of Security Engineering, APAC at Synopsys Software Integrity Group.
