Opening Address by SMS Janil Puthucheary at the International IoT Security Roundtable Event
Opening Address by SMS Janil Puthucheary at the International IoT Security Roundtable Event on 16 Oct 2024
His Excellency Hong Jin-Wook – Ambassador of the Republic
of Korea to the Republic of Singapore
Mr Lee Sang-Joong, President of Korea Internet & Security Agency
Ms Barbara Kluge, Deputy Head of the Directorate-General Cyber and Information Security, Federal Ministry of the Interior and Community
Mr Tomoo Yamauchi, Director-General for Cyber Security and CISO, Ministry of Internal Affairs and Communications, Japan
Distinguished Guests, Excellencies, ladies and gentlemen,
1. Welcome to the International Internet of Things Security Roundtable. Your presence here today – representing governments, industry leaders, and cybersecurity experts from around the world – demonstrates our shared commitment to addressing the challenges of securing the Internet of Things (IoT) together.
2. As we pursue growth using technologies such as IoT, there needs to be trust.
3. Many emerging technologies have changed how we live, work and play. We can now monitor and control our smart homes and other IoT devices on the go.
4. Smart sensors and IoT solutions present use cases at the workplace to improve productivity and drive efficiency. There are billions of devices worldwide now connected, and these IoT devices are exposed to cybersecurity threats and risks. This is a room of experts, you will be familiar with the use of botnets, as malicious cyber actors exploit vulnerable IoT devices and infect them with malware. These are the threats and risks we face.
5. We have known the need to secure our IoT devices for some time. Four years ago, at this event, I launched CSA’s Cybersecurity Labelling Scheme for IoT devices to encourage developers to use cybersecurity to differentiate themselves, and we ask consumers to pay close attention to IoT security. Since its launch, more than 500 models of these devices have received a label, and about 60% of the applications were done voluntarily. So, we are not alone in believing that cybersecurity is a competitive advantage.
6. Since we launched the Cybersecurity Labelling Scheme (CLS) four years ago, there has been stronger international traction over the need for such a scheme. More governments and more associations are now advocating for similar labelling schemes in their jurisdiction and pushing for more robust cybersecurity measures to be incorporated into IoT devices. Singapore welcomes this development; Governments must stand together and make it clear to the industry that cybersecurity is not an afterthought, and it cannot be an afterthought. It needs to be factored in upfront, and it needs to be an example of security-by-design.
Cybersecurity Labelling Scheme for IOT (CLS(IoT)) - Mutual Recognition Arrangements on Cybersecurity Labels for Consumer Smart Products with Korea and Germany
7. Today, I am pleased to announce that Singapore and the Republic of Korea will be signing a Mutual Recognition Arrangement on Cybersecurity Labels for Consumer Smart Products. This Mutual Recognition Arrangement (MRA) of cybersecurity labels will come into effect in January 2025, and will cover devices intended for use by consumers, such as smart home gateways, appliances and hubs.
8. This MRA is special for us because the Republic of Korea is our first partner in Asia to formalise the mutual recognition of national cybersecurity labels with Singapore.
9. In addition, I am also pleased to announce that Singapore and Germany will be signing a new Mutual Recognition Arrangement to expand the scope of our existing collaboration to include Home Gateways (also known as Wi-Fi routers). This builds on the MRA signed between Singapore and Germany two years ago and is part of our larger bilateral cooperation and partnership in cybersecurity.
10. I would like to thank all our partners for the bilateral MRAs. These partnerships are important, and we hope to continue to have more of such Mutual Recognition Arrangements over a broader range of devices. I would like to encourage our partners to consider how we can collectively raise global standards for our devices or products, and how countries can come together to establish Multilateral Internet of Things Recognition Arrangement that drives global progress towards secure IoT devices.
Launch of the Cybersecurity Labelling Scheme for Medical Device, CLS (MD)
11. On Singapore’s part, we are also broadening our Cybersecurity Labelling Scheme locally to key sectors, such as healthcare.
12. In Singapore, medical devices currently must be registered with the Health Sciences Authority (HSA) and meet regulatory requirements, including cybersecurity, before they can be imported, distributed and sold locally. HSA's cybersecurity requirements are harmonised with the recommendations set by the International Medical Device Regulators Forum - this is a group that aims to accelerate global regulatory harmonisation and convergence.
13. However, as medical devices become increasingly connected to networks at home, within the hospitals, they are potentially exposed to elevated cybersecurity risks, there is a need to take proactive measures to enhance the cybersecurity safeguards for medical devices.
14. Work has been going on for the Cybersecurity Labelling Scheme for Medical Device since 2022. The CLS(MD) is targeted at helping consumers and healthcare providers identify and select medical devices with better cybersecurity. It also seeks to improve medical device security by incentivising manufacturers to see cybersecurity as a competitive advantage and incentivise them to adopt a security-by-design.
15. We launched a sandbox trial last year at this event. The trial has provided critical insights and very useful feedback from the medical device manufacturers. This proactive engagement has been crucial in honing the scheme, refining how it works, setting a solid foundation for its broader implementation.
16. Over the past two years, during this sandbox trial period, the Ministry of Health, Cyber Security Agency of Singapore, the Health Sciences Authority and Synapxe, our healthcare technology agency as part of our public sector in Singapore, have invested significant effort to collaborate with the manufacturers to develop the CLS(MD), working together and making sure that the scheme's specifications and procedures are fit for the industry and fit for the outcome that we intend.
17. Extending beyond the work of CLS(MD), the Global Digital Health Partnership (GDHP), a collaboration of international government agencies and the World Health Organisation, will be publishing their Guidance for Medical Device Cybersecurity (GMDC) crafted based on our CLS(MD) requirements. This guidance note will be used to guide Medical Device Manufacturers and Healthcare Delivery Organisations worldwide on cybersecurity features to consider when developing and deploying medical devices.
18. Finally, after two years of labour, I am pleased to announce the official launch of the Cybersecurity Labelling Scheme for Medical Devices today. I am heartened to see such strong support for this initiative, and I would like to thank all participants and contributors for your valuable input.
19. I welcome more sectors to work with the Cyber Security Agency of Singapore to develop similar Cybersecurity Labelling Scheme for your respective sectors, and uplift the cybersecurity of more IoT devices within your sector here in Singapore.
20. As I conclude, let me reiterate the importance of events like the International IoT Security Roundtable. We have a collective journey towards a more secure and more interconnected future. We have to engage in open dialogue, share knowledge, and forge partnerships to secure our IoT and a safer digital world for all.
21. Thank you very much for inviting me to join you here today, and I hope you have a useful, productive and exciting roundtable.