Singapore to introduce security label for smart home devices

The proposed Cybersecurity Labelling Scheme for home routers and smart home hubs are part of efforts to increase consumer awareness around secured products and push manufacturers to deploy additional cybersecurity measures.

Singapore is planning to introduce a Cybersecurity Labelling Scheme (CLS) for home routers and smart home hubs as part of efforts to increase awareness about using secured products. It also hopes the initiative will push manufacturers to deploy enhanced cybersecurity measures and create a mandate for a set of minimum security requirements for home routers. 

Internet of Things (IoT) devices such as home routers and smart home hubs are a growing area of security concern, especially as the adoption of such devices are expected to grow significantly, said Singapore's Senior Minister of State for the Ministry of Communications and information, Janil Puthucheary. 

Speaking Tuesday at the MCI Committee of Supply Debate, he said these IoT devices typically have weak security protection and could be exploited by cyber attackers, who could then launch distributed denial-of-service (DDoS) attacks to overwhelm systems and disrupt operations. 

Singapore government must realise human error also a security breach

Latest data breach involving a government agency may have been the result of human error, but it should still be deemed a security breach and treated as a risk that needs to be addressed, rather than dismissed.

Read More

To plug such gaps, the Cyber Security Agency (CSA) has proposed to introduce the CLS for home routers and smart home hubs. This initiative aims to increase consumer awareness about the use of more secure products, as well as urge manufacturers to adopt additional cybersecurity measures, Puthucheary said. 

In addition, the Infocomm Media Development Authority (IMDA) would mandate a set of minimum security requirements for home routers, which the minister believes would improve baseline standards for such devices. These also would be the pre-requisite for manufacturers to secure the CLS for their products. 

The minister added that IMDA planned to publish an IoT Cybersecurity Guide to provide guidance for enterprises and their vendors on the deployment of IoT technologies. 

There is currently a version of an IoT Cybersecurity Guide that was released by IMDA in January 2019

During his speech, Puthucheary also touched on other efforts to better safeguard citizens' data privacy and cyber wellbeing. 

For instance, to protect consumers against scam calls, he said the IMDA had worked with local telcos to block international spammers from using commonly spoofed numbers such as 999 and 995. 

Future initiatives would include plans to mandate the use of the "+" symbol as a prefix for all overseas calls and disabling international scammers from using spoof numbers that looked local. This, he noted, would help consumers identify and reject international spoof calls. 

He added that the Singapore government would continue to unveil new measures to combat scams, with the Ministry of Communications and Information working alongside other agencies within the newly-established Inter-Ministry Committee on Scams to boost their collective efforts to combat the problem. 

In addition, to encourage the responsible use of facial recognition technology, the Personal Data Protection Commission (PDPC) and the Government Data Office this year will be releasing guidelines on the responsible use of biometric technology. These guides intend to encompass best practices and policies on the management of data collected via such technology. 

The PDPC oversees Singapore's Personal Data Protection Act (PDPA). 

According to Puthucheary, the government has been reviewing the PDPA to enhance the accountability of organisations with regards to online consent agreements. He noted that the PDPC last year updated the Guide to Notification to offer examples of how businesses should utilise just-in-time notifications and obtain dynamic consent. He said the guide would enable individuals to make informed decisions as and when relevant, instead of drafting one-off lengthy consent agreements.

The current review of the Act includes proposed amendments such as enforcing organisations to notify affected individuals and the PDPC of significant data breaches, boosting the PDPC's enforcement powers, and instilling accountability practices such as risk assessments for organisations.

The amendments to the Act would be implemented later this year, the minister said. 

To boost cybersecurity skillsets in Singapore, CSA will also introduce the SG Cyber Talent initiative to reach out to more than 20,000 individuals over three years through new and existing programs. These programs are aimed at bringing together the cybersecurity community and educators to cultivate an aptitude for cybersecurity amongst young Singaporeans, with participants to receive mentorship and customised training along with a platform for cybersparring. 

The CSA would also establish "communities of practice" to offer training in cybersecurity and equip cybersecurity professionals with knowledge of global best practices and technologies so they could more effectively secure their organisations.

Puthucheary said: "[SG Cyber Talent] will build a pipeline of cybersecurity professionals to support Singapore's ambitions to be a cybersecurity hub."

Singapore is expected to launch its Safer Cyberspace Masterplan later this year, which will include the implementation of baseline security standards. 

Improving data flow across borders

During his speech at the MCI Committee of Supply Debate, Singapore's Minister for Communications and Information S. Iswaran reiterated the country's efforts in improving cross-border data flow, including establishing Digital Economy Agreements with nations such as Australia, New Zealand, and Chile

These deals will enable secure data flows and seamless cross-border digital payments, benefitting businesses in the countries involved, he said.

Iswaran said: "Our goal and our interest is to work with like-minded partners to ensure an open digital trade architecture, and to guard against a new kind of protectionism."

Singapore has also been looking to modernise its logistics networks, which the minister noted was critical amid an expanding e-commerce landscape. He said some 200,000 parcels are delivered daily across Singapore, where e-commerce is expected to grow between 12% and 20% a year over the next five years.

"It is neither productive nor sustainable for all this growing volume of packages to all be delivered to the doorstep. We do need alternative solutions," he said. "We must enhance Singapore's last-mile delivery infrastructure and that is why we have decided to deploy a nationwide parcel locker network."

Owned by IMDA, the locker network would be accessible to all logistics players, he added, noting that this aimed to offer greater choice to consumers, while improving productivity within the urban logistics sector. 

According to Sim Ann, Senior Minister of State for the Ministry of Communications and Information, the IMDA would be rolling out 1,000 locker stations in HDB estates, MRT stations, and Community Centres by end-2022. This locker network would complement existing commercial locker stations and doorstep deliveries, she said. 

Sim explained: "The goal is to place a locker station around five minutes' walk from every HDB block. Users can collect parcels on their way to work, or on their way home--any time of the day. Merchants and logistics service providers will also enjoy greater delivery efficiency. This may result in more competitive delivery prices for consumers."

She said there has been "strong support" from major e-commerce marketplaces such as Qoo10 and Shopee, as well as logistics service providers like Qxpress. 

RELATED COVERAGE