[Latest Case Study] tiket.com & Its Compliance Journey To ISO 27001 and PCI-DSS Certification
logo
Cyber Threats

Cybersecurity Labeling Scheme (CLS) in Singapore

The Cyber Security Agency in Singapore (CSA) is launching a Cybersecurity Labeling Scheme as part of its Safer Cyberspace Masterplan to better secure Singapore’s cyberspace and raise cyber hygiene levels.

A more secure Singapore

To better secure Singapore’s cyberspace, a new Cybersecurity Labelling Scheme (CLS) will be launched in 2020 with the goal to help consumers make informed purchasing choices.

In an increasingly digital world, a lot of assets, interaction and information pass through the cyberspace. With all these digital interactions comes increased security risks, and in Singapore, the Cyber Security Agency (CSA) is taking a step to secure Singapore’s cyberspace and raise cyber hygiene levels with this announcement. 

Singapore is seeing an increase in the purchases as well as the usage of smart devices, and not everyone in the market is fully aware of the potential implications and security risks for devices, especially those with minimal or weak security.  

The CLS, a first in the Asia-Pacific region, will comprise different levels of cybersecurity ratings to help consumers make better and more informed choices about the security features of the smart devices they purchase. 

In the beginning, the CLS will impact two product types, being Wi-Fi routers and smart home hubs. 

Cyber attacks on smart devices

Smart devices, including smart home hubs are not immune from cyber attacks. 

In 2017, Armis disclosed a new attack vector — BlueBorne. BlueBorne is an airborne attack vector that uses Bluetooth to allow an attacker to penetrate and take control over targeted devices. It is worth noting that the attack does not require the targeted device to be paired to the attacker’s device and it does not need to be set to the discoverable mode. This impacts smart devices such as Google Home and Amazon Echo. For specifically these smart devices, the security researchers at Armis worked with Google and Amazon on multiple occasions to push security patches to improve the security of the 15 million Amazon Echo and 5 million Google Home devices around the world.

In 2019, SRLabs discovered a new vulnerability affecting both Google and Amazon smart speakers that could allow hackers to eavesdrop on or phish unsuspecting owners of these smart devices. SRLab researchers noted that by uploading malware disguised as an innocuous Google action or Alexa skill, attackers could get the smart devices to silently record users or even ask them for the password to their Google account.

There was no evidence that this vulnerability was exploited in the real world as SRLabs disclosed the vulnerability to both Google and Amazon before going public with the findings. 

Both these incidents revealed vulnerabilities on smart devices produced by the largest enterprises with big security teams behind their products. One can imagine how much security is being considered in the product strategy of smart devices or IOT devices by smaller companies than Google and Amazon, which is why this labeling scheme can be a good first step to improve the security of all devices in the market in Singapore. 

So, what’s on the cybersecurity labels?

According to the CSA factsheet, the cybersecurity labels will provide an indication of the security provisions based on a series of assessments and tests on: 

These labels will allow smart devices with better cybersecurity provisions in the market, while incentivizing manufacturers and product vendors to develop products with recognized and improved security features. CSA notes that “the scheme will be aligned to widely-accepted global security standards for consumer IoT products”.

The CLS is an initiative under the Safer Cyberspace Masterplan — a larger plan to empower a cyber-savvy population, safeguard activities in cyberspace, and secure Singapore's digital core. More details on the master plan will be announced later this year.

Closing Thoughts

When eventually implemented for all products, the CLS is a step towards a safer cyberspace for all. However, consumers and businesses should not solely rely on these labels to protect against cyber attacks and potential cyber threats. On top of that, it is crucial to adopt a holistic cybersecurity strategy that focuses on your people, processes, and technology.

Some basic tips that Horangi has preached to its customers are:

  • Check the sender’s email domain, link URLs, and be wary of any downloads
  • Make sure our computers are up to date on patches and updates
  • When surfing the web, use HTTPS where possible (not HTTP) 
  • Take care of your passwords 
  • Use Multi-Factor Authentication (MFA) where possible

We will update this post when more information on the CLS is available.

Axel Sukianto

Axel Sukianto is the Regional Marketing Manager at Horangi. He is a customer-obsessed marketer with a focus on storytelling in the cybersecurity space.

Subscribe to the Horangi Newsletter.

Hear from our Horangi tech experts as we go deep into up-and-coming cyber threats, new solutions, and talk about the future of cybersecurity.