IMDA Launches IoT Cyber Security Guide

Written By

loren leung Module
Loren Leung

Partner
Singapore

I am a partner in the Tech & Comms team, based in Singapore and Sydney. I advise a broad spectrum of clients across APAC on all aspects of technology, media and telecoms law.

jeremy tan Module
Jeremy Tan

Partner
Singapore

I am dedicated to helping clients thrive in the digital era and I strive to deliver innovative legal solutions that align with my client's business objectives. I am the managing partner of our Singapore office and co-head Bird & Bird's International Privacy and Data Protection Group.

The Infocomm Media Development Authority of Singapore ("IMDA") published the IoT Cyber Security Guide ("IoT Guide") on 13 March 2020.



The IoT Guide provides guidance to enterprise users and vendors on the deployment of IoT technology, and has been developed following public consultation in the first quarter of 2019. This IoT Guide is designed for enterprise users and vendors of IoT systems and will likely aid manufacturers and vendors who may be considering voluntary certification of their products under the Cybersecurity Labelling Scheme ("CLS"). At launch, the CLS is voluntary and only covers consumer WiFi routers and smart home hubs.

The IoT Guide was developed in consultation with the Cyber Security Agency of Singapore and builds on earlier technical references published by Singapore's Information Technology Standards Committee ("ITSC"), namely TR 64:2018 "Guidelines for IoT Security for Smart Nation". The IoT Guide also references other international standards, including the Cloud Security Alliance IoT Controls Framework and ETSI TS 103 645 cybersecurity for consumer IoT .

The IoT Guide adopts a practical approach providing baseline recommendations, foundational concepts and checklists which focus on security aspects for the acquisition, development, operations and maintenance of IoT systems. The IoT Guide advises that users of the IoT Guide should assess the relevance of the baseline recommendations and customise the checklists as appropriate for their specific needs, and continue to reassess an ongoing basis. This recommended approach reflects the nature of IoT technology, which does not lend itself of a common set of standards, assessments and checklists applicable to all scenarios, and is constantly changing.

The IoT Guide should be useful to developers, providers and users of IoT products and systems who wish to have a better picture of the IoT cybersecurity landscape and expectations.

This article is produced by our Singapore office, Bird & Bird ATMD LLP, and does not constitute legal advice. It is intended to provide general information only. Please contact our lawyers if you have any specific queries.

Latest insights

More Insights
Curiosity line yellow background

A Deep Dive into China’s Network ID Proposal

Nov 06 2024

Read More
mountain scape

European Union Artificial Intelligence Act Guide

Nov 06 2024

Read More

California’s AI bill vs. the EU AI Act: a cross-continental analysis of AI regulations

Nov 06 2024

Read More