Singapore’s Infocomm Media Development Authority (IMDA) has launched an IoT Cyber Security Guide to help enterprise users and their vendors deploy secure IoT technology.
It follows the release of a draft guide and the initiation of consultation in January 2019, and the initiation of consultation with the UK Government on consumer IoT security in October 2019. IMDA says its aim for the guide is to provide a practical document to help enterprise users and their vendors address the cyber security aspects of IoT systems in the acquisition, development, operation and maintenance of these systems.
It is targeted at:
– IoT developers who design, develop and deploy secure IoT products and systems;
– IoT providers who implement, configure, operate and maintain IoT systems securely; and
– IoT end-users who procure and interact with IoT systems.
It contains a list of security questions to help enterprises develop checklists on relevant security requirements during tendering or procurement processes.
And it covers a wide range of practical issues faced by IoT vendors and their users such as:
- Fundamental IoT security design principles;
- Security impact categories for identification of assets of interest;
- Threat categories for the enumeration of threats, from both cyber and physical perspectives;
- Attack surface categories that are common to IoT devices;
- System and device life cycles with different threat considerations for each cycle; and
- Assessment of threats.
Publication of the guide follows a public consultation in January 2019 and consultation with Singapore’s Cyber Security Agency (CSA).
IMDA deputy chief executive Aileen Chia said user organisations and vendors should use the guide to take cyber security into consideration early at the point of designing and developing their IoT systems to better protect their businesses from cyber security threats and the damage they bring.
The guide comprises three documents:
- Internet of Things (IoT) Cyber Security Guide.
- Annex A Foundational Concepts. This expounds and augments the security concepts in Singapore standard TR 64:2018 Guidelines for IoT security for smart nation. It provides the foundation for a holistic approach to identify and mitigate the threats and vulnerabilities of IoT systems.
- Annex B Case Study on Home Control System. This demonstrates the application of the recommendations in the main document to a home control system to analyse and counter various threats: spoofing, tampering, repudiation, information disclosure, denial of service and elevation of privilege.