Singapore cyber chief calls for ‘security by design’ in devices

By Cyber Security Agency of Singapore

David Koh gives opening speech at GovWare Focus 2020.

The Chief Executive of the Cyber Security Agency of Singapore (CSA) has called on companies in the ICT sector to tackle security vulnerabilities when products are designed and built.

“We hope to incentivise manufacturers to place a priority on the protection of their customers via secure-by-design practices,” said David Koh at the opening keynote of GovWare Focus 2020.

“As the builders of ICT products, these companies are best placed to address security vulnerabilities upstream, so that users are protected downstream,” he said.

Singapore has launched a new Cybersecurity Labelling Scheme (CLS) for consumer smart devices, as part of efforts to improve Internet of Things (IoT) security and raise overall cyber hygiene levels. This would help consumers identify products with better cybersecurity provisions and make informed decisions, CSA added.

UK’s former cyber chief Ciaran Martin has similarly called for security to be built into products before they are taken home, rather than expecting users to fix the flaws. The solution is to “make security pay; only then will secure-by-design follow”, he said at GovInsider’s Festival of Innovation.

This involves setting “objective, measurable standards” for the security of IoT devices, and giving consumers a choice to pay for devices with higher levels of security, Martin added.

Singapore this week also launched a new ‘Safe Cyberspace Masterplan’ at the opening ceremony of the virtual Singapore International Cyber Week. The masterplan outlines a blueprint for the creation of a safer and more secure cyberspace in Singapore. It aims to raise the general level of cybersecurity for individuals, communities, and companies.

Earlier in the year, Singapore announced it would spend S$1bn over the next three years to build cyber and data security capabilities, Koh said. “The funding will allow us to work with industry partners to strengthen the overall cyber and data security of Government systems.”

The country will launch updated security standards for cloud services as well. This will allow “cloud service providers to differentiate themselves from competitors, and provide enterprises greater clarity on the levels of security offered”.

Underlying the masterplan is the idea of partnerships, as cybersecurity is a collective responsibility, he added.

“Cybersecurity is a team sport. The Government is uniquely placed to perform certain roles to protect cyberspace, but we cannot protect cyberspace without the commitment from our five groups of partners – our international partners, the cybersecurity sector, the ICT industry, enterprises, and all users,” Koh said.

CSA also seeks to match cybersecurity companies with end users who have unique and complex challenges through its Cybersecurity Industry Call for Innovation. “Innovative solutions to these challenges can be developed into pilot projects for established organisations as well as Critical Information Infrastructure in sectors such as Energy, Maritime and Defence.”

“The opportunity to innovate on real-world problems gives our companies an edge to be more agile, develop faster as well as to reap the benefits of their innovations more quickly from end users who are already committed to their success,” Koh added.