IMDA Launches Public Consultation for Residential Gateways (Home Routers)
SINGAPORE – 13 March 2020: The Infocomm Media Development Authority (“IMDA”) today launched a public consultation to specify security requirements for home routers sold in Singapore.
The increased proliferation of networked intelligent devices in homes such as web cameras and baby monitors has translated to higher risks of cyber-attacks that leverage such devices. Some of these devices have little or weak protection against cyber-attacks and are vulnerable to unauthorised access by malicious actors.
Residential Gateways (“RG”), commonly known as home routers, are often the first entry point as they form the key bridge between the Internet and residents’ home networks.
To provide a safer and more secure Internet experience for users, and to strengthen the resilience of Singapore’s telecommunications networks, the Infocomm Media Development Authority (“IMDA”) today launched a public consultation to seek views from the industry and public on a new Technical Specification (“IMDA TS RG-SEC”) that will set out the minimum requirements for RGs.
Together with CSA’s Cybersecurity Labelling Scheme (CLS), this effort will raise the cybersecurity standards of IoT devices in Singapore. This will improve baseline standards for such devices and will be a pre-requisite for CSA’s cybersecurity label. Other jurisdictions are also evaluating similar requirements. Japan will be imposing similar requirements from April 2020, and the United Kingdom has also recently begun evaluating such requirements.
IMDA is inviting views on the following key requirements:
- Tightening password administration through mandating no default login passwords, and requiring minimum password strength for RG;
- Securing default settings to better manage and control access to the RG, such as switching off unsecured Wi-Fi Protected Setup (“WPS”), and switching on the firewall by default;
- Strengthening RG administration, in particular the applicability of maintaining secure communication protocols such as SSH or HTTPS for device management interfaces to the RG; and
- Updating RGs automatically with the latest firmware
IMDA has also engaged key RG manufacturers including Linksys and TP-Link, and also telecommunication service providers, who have expressed support for IMDA’s initiative to strengthen the security of home routers. Through these industry engagements, IMDA notes that some equipment manufacturers have already incorporated similar requirements in newer models of home routers. IMDA expects mainstream models will continue to remain affordable as new equipment compliant with IMDA’s requirements is launched.
To allow time for the industry to comply with the new technical requirements, the proposed changes will be effective six months after the finalised standards come into effect. Additionally, previously-approved home routers can continue to be sold until one year after the finalised standards come into effect. IMDA expects TS RG-SEC compliant RGs to be available from as early as end 2020, and all RGs sold in Singapore will be compliant by Q3 2021.
Residents will not need to change their home routers. When residents next upgrade their RGs, they are advised to look for RGs compliant with IMDA’s cybersecurity requirements, which will be affixed with a compliance label, for better protection. A list of approved RGs will also be available on IMDA website for verification by consumers prior to purchase.
IMDA will take in industry and public comments before finalising the requirements.
More information is available by clicking here. All submissions for the public consultation must reach IMDA by 12 noon on 10 April 2020.
ISSUED BY THE INFO-COMMUNICATIONS MEDIA DEVELOPMENT AUTHORITY
About Info-communications Media Development Authority (IMDA)
The Infocomm Media Development Authority (IMDA) leads Singapore’s digital transformation with infocomm media. To do this, IMDA will develop a dynamic digital economy and a cohesive digital society, driven by an exceptional infocomm media (ICM) ecosystem – by developing talent, strengthening business capabilities, and enhancing Singapore's ICM infrastructure. IMDA also regulates the telecommunications and media sectors to safeguard consumer interests while fostering a pro-business environment, and enhances Singapore’s data protection regime through the Personal Data Protection Commission.
For more news and information, visit www.imda.gov.sg or follow IMDA on Facebook IMDAsg and Twitter @IMDAsg.
For media clarifications, please contact:
CHOO Hong Xian (Mr)
Manager, Communications and Marketing
DID: (65) 6955 0221