IMDA Launches IoT Cyber Security Guide

By Jeremy Tan, Loren Leung

04-2020

The Infocomm Media Development Authority of Singapore ("IMDA") published the IoT Cyber Security Guide ("IoT Guide") on 13 March 2020.

The IoT Guide provides guidance to enterprise users and vendors on the deployment of IoT technology, and has been developed following public consultation in the first quarter of 2019. This IoT Guide is designed for enterprise users and vendors of IoT systems and will likely aid manufacturers and vendors who may be considering voluntary certification of their products under the Cybersecurity Labelling Scheme ("CLS"). At launch, the CLS is voluntary and only covers consumer WiFi routers and smart home hubs.

The IoT Guide was developed in consultation with the Cyber Security Agency of Singapore and builds on earlier technical references published by Singapore's Information Technology Standards Committee ("ITSC"), namely TR 64:2018 "Guidelines for IoT Security for Smart Nation". The IoT Guide also references other international standards, including the Cloud Security Alliance IoT Controls Framework and ETSI TS 103 645 cybersecurity for consumer IoT .

The IoT Guide adopts a practical approach providing baseline recommendations, foundational concepts and checklists which focus on security aspects for the acquisition, development, operations and maintenance of IoT systems. The IoT Guide advises that users of the IoT Guide should assess the relevance of the baseline recommendations and customise the checklists as appropriate for their specific needs, and continue to reassess an ongoing basis. This recommended approach reflects the nature of IoT technology, which does not lend itself of a common set of standards, assessments and checklists applicable to all scenarios, and is constantly changing.

The IoT Guide should be useful to developers, providers and users of IoT products and systems who wish to have a better picture of the IoT cybersecurity landscape and expectations.

This article is produced by our Singapore office, Bird & Bird ATMD LLP, and does not constitute legal advice. It is intended to provide general information only. Please contact our lawyers if you have any specific queries.