The Infocomm Media Development Authority (IMDA) have announced their plans to introduce requirements that provide a safer experience for users of IoT devices in their homes. The new rules proposed state that home routers need to meet requirements that include stronger password administration in order to prevent hackers stealing personal information. The IMDA and the new Cyber security labelling scheme proposed by the Cybersecurity Agency of Singapore (CSA) claim that these new rules protect users from the increased use of IoT devices and creates awareness around security.
The intention to educate and enable consumers around better security practices for their IoT devices is clearly positive and fills an unmet need. That said, voluntary schemes such as Singapore’s recently announced Cybersecurity Labelling Scheme for IoT devices will likely only get picked up by the sub-set of vendors that are proactive about their customers’ and product’s security. The CLS’ proposed “security rating” scheme aims to indicate and differentiate products “with better cybersecurity provisions” appears to be a simple idea focusing on basic good practices but could be complex to ensure ratings are kept up to date as software gets revised and vulnerabilities get identified. I think Singapore’s CLS announcement is more of a positive statement of intent that needs more development in order to be robust and pervasively used. Here in the UK, the government initially pursued a similar voluntary scheme around IoT security but soon realised it would have no teeth, and so turned to legislation instead.