Devices connected through the Internet of Things (IoT) have become deeply embedded in our everyday lives, thoroughly transforming how we engage with technology. From advanced home automation to wearable health monitors, the presence of IoT is so ingrained that we frequently overlook its existence, making it truly remarkable.
However, many of these consumer IoT devices prioritise features and affordability, often sidelining essential cybersecurity provisions. This oversight makes them susceptible to digital threats, jeopardising user privacy and data. The 2016 Mirai botnet attack, which exploited IoT gadgets, underscores the looming dangers of poorly secured IoT systems.
Thankfully, governments globally are recognising these risks and acting on the security concerns raised, empowering consumers with the knowledge to make safer choices. The US has recently introduced the Cyber Trust Mark, a discretionary labelling system that promotes the understanding of a smart device's security provisions before a purchase is made.
This initiative mirrors others that have emerged prior, like the EU's Cyber Resilience Act. Closer to home, Australia has also implemented a similar cybersecurity label scheme for IoT devices. Notably, Singapore took the lead in the APAC region with their Cybersecurity Labelling Scheme (CLS) presented by the Cyber Security Agency of Singapore (CSA).
Given the collaborative efforts of businesses and governments worldwide to fortify IoT devices and develop universal IoT security benchmarks, we sit down with Kelvin Lim, director of security engineering, Asia Pacific, at Synopsys Software Integrity Group to understand more about how the CLS IoT labelling scheme has been doing in Singapore so far, and the lessons other organisations can take away in the space of security.
Given the rise of similar regulations in various regions, how has Singapore's Cybersecurity Labelling Scheme (CLS) fared locally?
Kelvin Lim: The CLS has garnered positive feedback from both industry experts and manufacturers. A mix of international, regional, and local IoT product manufacturers are getting their products assessed in Singapore. As of 14 August, this year, there are over 200 products endorsed under the CLS initiative.
"This track record speaks volumes, and the subsequent introduction of another scheme that has since been rolled out specifically for medical devices — the Cybersecurity Labelling Scheme for Medical Devices (CLS(MD)) — underlines Singapore's proactive approach to ensuring a digitally secure and advanced nation."Kelvin Lim
The CLS initiative will bolster Singapore's cybersecurity standards, positioning it as a preferred hub for smart device production. From consumers, intuitive labels will help even those without technical expertise to navigate their decision process when purchasing IoT devices.
How has this influenced the medical device industry?
Kelvin Lim: More medical device manufacturers will adopt the standard as it gains recognition and traction in Singapore. By extending the CLS to medical devices, Singapore has emphasised the importance of cybersecurity in healthcare technologies.
This will compel medical device manufacturers to prioritise the security of their devices, ensuring the safety and privacy of patients.
How has the introduction of these labelling schemes impacted consumer preference?
Kelvin Lim: Today’s consumers are judicious. Increasingly so, they are invested in how their personal data is being used and stored, and how businesses are handling their private information. Consequently, consumers are more likely to buy a smart product sporting the CLS label.
It serves as a reassuring quality seal that the smart products they purchase and use have gone through stringent checks and are perceived as more secure, compared to one without.
However, those unfamiliar with CLS might gravitate towards renowned brands or manufacturers with a global footprint.
These renowned brands have built trust in consumers over many years, and are automatically associated with offering secure devices, regardless if they have the CLS certification or are on par with the security benchmark in Singapore.
Since its inception, how has the mutual recognition with Germany’s labelling scheme fared, and did it bring any value since it was finalised in October last year?
Kelvin Lim: The joint effort between Singapore and Germany epitomises the significance of global alliances in fortifying IoT security. This mutual acknowledgement has been warmly received by the industry and manufacturers. Beyond saving resources and avoiding repetitive tests, this accord also grants entry to new markets.
The path ahead for IoT
The horizon looks bright for IoT labelling. Such labels serve as badges of trust, assuring consumers of a device's compliance with rigorous cybersecurity norms. They also prompt manufacturers to prioritise cybersecurity in their product development process.
As the IoT landscape continues to evolve, it is imperative that consumers, manufacturers, and government work together to build a secure and resilient IoT ecosystem. By understanding the emerging risks in IoT security and implementing robust application protection measures, we can harness the full potential of IoT.