In recent years, there has been an exponential increase in the number of connected Internet of Things (IoT) devices in the world. It is estimated that there will be 75 billion IoT devices by 2025.
Amidst the growth in number of IoT products in the market, and in view of the short time-to-market and quick obsolescence, many consumer IoT products have been designed to optimise functionality and cost over security. As a result, many devices are being sold with poor cybersecurity provisions, with little to no security features built-in.
This poses cybersecurity risks such as the compromise of consumers’ privacy and data as hackers generally look for the easiest systems to attack that will net the most damage and returns.
Compromised IoT devices can also be used by threat actors to form a botnet to launch Distributed Denial of Service (DDoS) attacks which could bring down Internet services. One example of this is the Mirai botnet attack in 2016 which were carried out via innocuous IoT devices, such as home routers and IP cameras. The attack left much of the internet inaccessible in the US East Coast.
Currently, information on the amount of security that is built into these devices is not made readily available by the manufacturers. Thus, consumers are unable to make informed decisions towards purchasing more secure devices.
About the Cybersecurity Labelling Scheme
The Cyber Security Agency of Singapore (CSA) has launched the Cybersecurity Labelling Scheme (CLS) for consumer smart devices, as part of efforts to improve Internet of Things (IoT) security, raise overall cyber hygiene levels and better secure Singapore's cyberspace.
The CLS is the first of its kind in the Asia-Pacific region. Under the scheme, smart devices will be rated according to their levels of cybersecurity provisions. This will enable consumers to identify products with better cybersecurity provisions and make informed decisions.
The CLS also aims to help manufacturers stand out from their competitors and be incentivised to develop more secure products. Currently, consumer smart devices are often designed to optimise functionality and cost. They also have a short time-to-market cycle, where there is less scope for cybersecurity to be incorporated into product design from the beginning.
The CLS was first introduced to cover Wi-Fi routers and smart home hubs. These products were prioritised because of their wider usage, as well as the impact that a compromise of the products could have on users. It has since been extended to include all categories of consumer IoT devices, such as IP cameras, smart door locks, smart lights and smart printers.
To encourage adoption of the scheme, CSA will waive the application fees for the CLS for one year until 6 October 2021.