The Infocomm Media Development Authority (IMDA) of Singapore has launched a new IoT Cyber Security Guide to offer enterprise users and their vendors better guidance on deploying IoT technology.
Developed in consultation with city state’s Cyber Security Agency amid the growing adoption of IoT devices, the document provides practical tips to help companies address the cyber security aspects of IoT systems in the acquisition, development, operation and maintenance of these systems.
The guide introduces foundational concepts and provides a set of baseline recommendations and a checklist for users and vendors.
“As companies deploy more IoT systems and devices to improve business efficiency and productivity, it also exposes them to more cyber security threats and vulnerabilities. I encourage companies and vendors to adopt the new IoT Cyber Security Guide and take cyber security into consideration early at the point of designing and developing their IoT systems to better protect their businesses from cyber security threats and the damage they bring,” said IMDA deputy chief executive Aileen Chia.
The document provides a holistic approach to identifying and mitigating the threats and vulnerabilities posed by IoT systems. It covers a wide range of practical issues faced by IoT vendors and their users such as:
- Fundamental IoT security design principles
- Security Impact categories for identification of assets of interests
- Threat categories for the enumeration of threats, from both cyber and physical perspectives
- Attack surface categories that are common to IoT devices.
- System and device life cycles with different threat considerations for each cycle
- Assessment of threats
Enterprise users welcomed the release of the new document.
“Many businesses are embracing the use of transformative technologies using IoT and while IoT promises a wealth of opportunities, it ushers in new threats and vulnerabilities. The IoT guide initiative by IMDA is a commendable effort that helps organisations navigate the design and use of IoT in a more secured way. It paves the way for organisations to provide feedback and share them with the larger IoT community on what can and should not be done,” said P Ramakrishnan, CEO of CIO Academy.