IMDA Launches IoT Cyber Security Guide

Written By

loren leung Module
Loren Leung

Partner
Singapore

I am a partner in the Tech & Comms team, based in Singapore and Sydney. I advise a broad spectrum of clients across APAC on all aspects of technology, media and telecoms law.

jeremy tan Module
Jeremy Tan

Partner
Singapore

I am dedicated to helping clients thrive in the digital era and I strive to deliver innovative legal solutions that align with my client's business objectives. I am the managing partner of our Singapore office and co-head Bird & Bird's International Privacy and Data Protection Group.

The Infocomm Media Development Authority of Singapore ("IMDA") published the IoT Cyber Security Guide ("IoT Guide") on 13 March 2020.



The IoT Guide provides guidance to enterprise users and vendors on the deployment of IoT technology, and has been developed following public consultation in the first quarter of 2019. This IoT Guide is designed for enterprise users and vendors of IoT systems and will likely aid manufacturers and vendors who may be considering voluntary certification of their products under the Cybersecurity Labelling Scheme ("CLS"). At launch, the CLS is voluntary and only covers consumer WiFi routers and smart home hubs.

The IoT Guide was developed in consultation with the Cyber Security Agency of Singapore and builds on earlier technical references published by Singapore's Information Technology Standards Committee ("ITSC"), namely TR 64:2018 "Guidelines for IoT Security for Smart Nation". The IoT Guide also references other international standards, including the Cloud Security Alliance IoT Controls Framework and ETSI TS 103 645 cybersecurity for consumer IoT .

The IoT Guide adopts a practical approach providing baseline recommendations, foundational concepts and checklists which focus on security aspects for the acquisition, development, operations and maintenance of IoT systems. The IoT Guide advises that users of the IoT Guide should assess the relevance of the baseline recommendations and customise the checklists as appropriate for their specific needs, and continue to reassess an ongoing basis. This recommended approach reflects the nature of IoT technology, which does not lend itself of a common set of standards, assessments and checklists applicable to all scenarios, and is constantly changing.

The IoT Guide should be useful to developers, providers and users of IoT products and systems who wish to have a better picture of the IoT cybersecurity landscape and expectations.

This article is produced by our Singapore office, Bird & Bird ATMD LLP, and does not constitute legal advice. It is intended to provide general information only. Please contact our lawyers if you have any specific queries.

Latest insights

More Insights
flower

NEWSFLASH - The UK’s New Consultation on AI and Copyright: Purr-suing Balance?

Dec 19 2024

Read More
laptop phone

EU/UK sanctions regarding Russia and Belarus (16-12-2024)

Dec 19 2024

Read More
Mobile Phone in hand on purple background

SEP & FRAND before the UPC - what has been happening in 2024?

Dec 18 2024

Read More