Singapore’s Infocomm Media Development Authority (IMDA) has released a draft set of recommendations and guidance to IoT users and vendors on securing IoT devices and networks, and is seeking comments.
The 19-page Internet of Things (IoT) Cyber Security Guide is accompanied by a separate consultation paper setting out the specific questions on which IMDA seeks input (by 8 March).
IMDA says the guide builds on the concepts introduced in ITSC TR64: “Guidelines for IoT security for smart nation” — produced by the Singapore Government’s Information Technology Standards Committee — and provides further details on the implementation of IoT security through case studies.
It “provides baseline recommendations, foundational concepts and checklists, focusing on the security aspects for the acquisition, development, operations and maintenance of IoT systems.”
It is designed for IoT developers who want to design, develop and deploy secure IoT products and systems, and for IoT users who want to procure and interact with IoT systems. For system interactions, IMDA adds, “IoT users can be either human or software agents.”
IMDA says despite the existence of several similar documents on IoT security published by organisations in overseas jurisdictions, there is still merit in developing one for Singapore’s adoption.
“First, local enterprises and government agencies will be able to take reference from a common guide, adopting the same lingo, terminology, and approaches in addressing security threats … [and] will also facilitate better integration of IoT networks deployed in Singapore, if required.
“Second, threats that are more relevant to the local context will be identified, allowing vendors and users to better focus their resources in implementing more relevant security solutions.
“Third, this guide seeks to cover broader areas, providing not only recommendations for both the deployment and operating phases of IoT systems but also, threat modelling and vendor disclosure checklists, which are currently not available in many similar documents.”
The guideline is also accompanied by two annexes. Annex A “expounds and augments the security concepts introduced in ITSC TR64 … [that] provide the foundation for a holistic approach to identify and mitigate the threats and vulnerabilities of IoT systems.”
Annex B is a case study that demonstrates the application to a home control system of the principles set out in the guideline.