Labelling scheme to indicate cybersecurity levels launched here

A new labelling scheme to indicate the cyber security levels of home devices has been launched here, with plans to have the standards adopted at the international level.

The Cybersecurity Labelling Scheme (CLS) will be similar to energy labels, with a tiered reference to security levels to help consumers make informed decisions.

The voluntary scheme was launched yesterday at the Asean Ministerial Conference on Cybersecurity - held as part of the fifth Singapore International Cyber Week - at Marina Bay Sands.

Communications and Information Minister S. Iswaran said at the event that the scheme will strengthen cyber security around Singapore's Internet of Things (IoT), and could raise the global security standards of IoT devices.

IoT refers to devices linked to one another and the Internet.

"The scheme is the first of its kind in the Asia-Pacific. It establishes cyber security rating levels for registered smart devices, such as home routers and smart home hubs," said Mr Iswaran, who is also Minister-in-charge of Cyber Security.

"Manufacturers of IoT devices can voluntarily apply for the CLS."

The Cyber Security Agency of Singapore (CSA) will be administering the label, which was introduced earlier this year. The agency is waiving application fees for the first year to encourage adoption.

Mr Iswaran said the Government intends to use the label to raise the security standards of products not only in Singapore, but also internationally. "With the labels, consumers can easily assess the level of security of each device and make informed purchasing choices," he said.

Singapore's cyber security labelling scheme follows the European Union's standard for IoT devices, which spells out the minimum standards for manufacturers to meet, including having no default passwords and ensuring that there are regular software updates over the air without user supervision.

Singapore is among the first nations to adopt such a standard.

There are four levels in the scheme, each represented by an asterisk.

In order to pass the standards for the first two levels, manufacturers need to submit a declaration of compliance along with supporting evidence. For the two higher levels, they will need to submit an assessment report by a laboratory approved by CSA.

The agency started accepting applications for the label yesterday. The labels will first be rolled out to Wi-Fi routers and smart home hubs, due to their wide use and potential security risks.

Mr Ronnie Lee, general manager of Lenovo Singapore, said the firm plans to apply the CLS to its IoT devices, adding that the scheme comes at a good time, with customers becoming increasingly concerned about cyber security.

"It will benefit customers, who can now make informed decisions on which devices to purchase, depending on the different security levels they may require," he said.