The UK and Singapore governments have agreed to co-operate on security for consumer IoT devices. The two governments says they will endeavour to take a leading role in driving improvements in the security of smart consumer products.
In a joint statement they said: “We want to ensure that internet-connected devices have security built in by design and the public and industry are protected against related security threats, such as cyber attacks, theft of personal data and risks to physical safety.
“At the same time, we must ensure that IoT industry can continue to grow and innovate and the public can fully benefit from these products and services.”
They have committed to share initiatives and approaches, and to exchange valuable information and experience in order to make tangible progress.
Both nations say they will adopt a multilateral approach by working with their partners, both internationally and regionally, including industry and consumer groups, to promote the implementation of good practice as set out in the relevant industry global standards.
“Implementing clear good practice principles from Industry across all their consumer IoT devices will result in citizens and the wider economy being made safer and more secure whilst using their products. UK and Singapore recommend that manufacturers implement industry best practices such as:
Discontinuing the most blatant security shortcomings, such as the use of universal default passwords;
Normalising vulnerability disclosure processes across the IoT industry, so that researchers can report security vulnerabilities and manufacturers can respond accordingly;
Encouraging the development and deployment of software security updates so that consumers and the wider technical ecosystem are protected throughout the entire life-time of IoT products. Manufacturers should define a support period for the fixing of vulnerabilities.”
They statement says the two will support the development of IoT assurance schemes and other efforts designed to give consumers confidence in the security of their products.
Singapore-UK Strategic Partnership
The joint statement follows the UK, Singapore and 52 other governments, at the At the Commonwealth Heads of Government Meeting in April 2018, agreeing to work towards the development and convergence of approaches for internet-connected devices and associated services, in order to promote user security by default.
The UK and Singapore agreed, under the Singapore-UK Strategic Partnership, to work together on areas of common interest including greater cooperation, alignment and coordination to support a global consensus for ‘secure by default’.
The partnership was initiated in 2018 by Singapore’s prime minister Lee Hsien Loong and UK prime minister Theresa May and formally launched in January 2019 by the UK’s foreign secretary Jeremy Hunt and Singapore’s minister for foreign affairs Dr Vivian Balakrishnan.
In May 2019 the UK Government announced plans for legislation that would require greater security to be built into IoT devices. The UK’s Minister for Digital, Culture, Media & Sport. Margot James, announced the plans in a press release on 1 May. She said the move would ensure that millions of household items connected to the internet are better protected from cyber attacks.
The government is looking to mandate the top three security requirements that are set out in the current ‘Secure by Design’ code of practice, launched in 2018.
Singapore’s OT cyber security master plan
Meanwhile, he Cyber Security Agency of Singapore (CSA) has just released developed its Operational Technology (OT) Cybersecurity Masterplan as part of efforts to enhance the security and resilience of Singapore’s critical information infrastructure.
It says the master plan will help to improve cross-sector response to mitigate cyber threats in the OT environment and to strengthen partnerships with industry and stakeholders.
It outlines key initiatives covering people, processes and technology to uplift the cyber security postures of critical information infrastructure owners that operate OT systems.
