SINGAPORE – 13 MAR 2020
The Infocomm Media Development Authority (“IMDA”) today launched a new IoT Cyber Security Guide (“Guide”) to offer enterprise users and their vendors better guidance on deploying IoT technology.
The Guide was developed by IMDA after taking in comments from IMDA’s public consultation in January 2019, and in consultation with the Cyber Security Agency (“CSA”). With the proliferation of IoT devices, the Guide aims to provide a practical document to help enterprise users and their vendors address the cyber security aspects of IoT systems in the acquisition, development, operation and maintenance of these systems. To achieve this, the Guide will introduce foundational concepts and provides a set of baseline recommendations and a checklist for users and vendors.
Specifically, the Guide is designed for three main user groups, namely:
- IoT developers who design, develop and deploy secure IoT products and systems;
- IoT providers who implement, configure, operate and maintain IoT systems securely; and
- IoT end-users who procure and interact with IoT systems.
For example, by providing a suggested list of security questions, the Guide can help enterprises develop checklists on relevant security requirements during their tendering or procurement process.
In addition, the Guide provides a holistic approach to identifying and mitigating the threats and vulnerabilities posed by IoT systems. It covers a wide range of practical issues faced by IoT vendors and their users such as:
- Fundamental IoT security design principles
- Security Impact categories for identification of assets of interests
- Threat categories for the enumeration of threats, from both cyber and physical perspectives
- Attack surface categories that are common to IoT devices.
- System and device life cycles with different threat considerations for each cycle
- Assessment of threats
IMDA Deputy Chief Executive, Ms Aileen Chia, said, “As companies deploy more IoT systems and devices to improve business efficiency and productivity, it also exposes them to more cyber security threats and vulnerabilities. I encourage companies and vendors to adopt the new IoT Cyber Security Guide and take cyber security into consideration early at the point of designing and developing their IoT systems to better protect their businesses from cyber security threats and the damage they bring.”
CEO of CIO Academy, Mr P Ramakrishnan, said, “Many businesses are embracing the use of transformative technologies using IoT and while IoT promises a wealth of opportunities, it ushers in new threats and vulnerabilities. The IoT guide initiative by IMDA is a commendable effort that helps organisations navigate the design and use of IoT in a more secured way. It paves the way for organisations to provide feedback and share them with the larger IoT community on what can and should not be done.”
The guide is available for download on the Reference Standards page.