Cybersecurity Labelling Scheme
In recent years, there has been an exponential increase in the number of connected Internet of Things (IoT) devices in the world. It is estimated that there will be about 75 billion IoT devices by 2025, a five-fold increase from the 15 billion devices that were connected in 2015.1
Despite the growth in number of IoT products in the market, many consumer IoT products have been designed to optimise functionality and cost over security. As a result, many of them have little to no security features built-in. This poses cybersecurity risks such as the compromise of consumers’ privacy and data. Compromised IoT devices can also be used by threat actors to form a botnet to launch Distributed Denial of Service attacks which could bring down Internet services. One example of this is the Mirai botnet attack in 2016 which were carried out via innocuous IoT devices, such as home routers and IP cameras. The attack left much of the internet inaccessible in the US East Coast.
While consumers may want to choose a more secure product, information on the amount of security built into a device is often not made known by manufacturers. Thus, consumers are unable to make informed decisions.
How the Scheme Works
As part of our efforts to better secure Singapore’s cyberspace and raise cyber hygiene levels, CSA will introduce the Cybersecurity Labelling Scheme (CLS) this year for network-connected smart devices.
The CLS will be launched as a voluntary scheme to allow time for the market and developers to understand how the scheme benefits them. CSA will monitor the response to the scheme.
The cybersecurity labels will provide an indication of the level of security that is embedded in the products. Consumers can choose products with better security rating using the information on the cybersecurity label.
The CLS aims to incentivise manufacturers to develop and provide products with recognised and improved cybersecurity features. The cybersecurity labels will also serve to differentiate smart devices with better cybersecurity provisions in the market, from their competitors.
The CLS is an initiative under the Safer Cyberspace Masterplan, which is a larger plan to create a safer cyberspace and protect the public and enterprises against cyber threats, as Singapore moves towards a Digital Economy and Smart Nation.
More details on the CLS and the registration process will be announced in due course. For more information, please refer to the following resources: