3 minute read
Foreword
Cities around the world have ushered in the era of digital transformation. Singapore is no different, as we work towards our vision of a Smart Nation. The Smart Nation journey empowers the Singapore economy through technology and digital innovation, and aims to bring about a better quality of life for all. The Government, through policies and initiatives, also aims to better prepare and equip Singapore to embrace the ever-changing digital landscape.
The Smart Nation initiative rests on bridging communications and enabling digital services. This brings about the phenomenon of manufacturing every type of device to be “smart”. From traffic cameras to lampposts and even the most mundane of devices like rice cookers and babymonitors are now part of the “Internet of Things” or IoT. The rapid proliferation of such independently designed devices creates an extremely complex IoT ecosystem. These complexities create vulnerabilities that can easily be exploited by individuals or groups with malicious intent. This is a challenge that the world is facing now, and we ought to study the gaps in the IoT ecosystem and to develop frameworks, policies and innovative solutions to enhance the security of such devices. With the exponential growth in the deployment of IoT devices, the security threat is multiplied many fold. Singapore may not be the first to solve this issue, but we are willing to respond quickly and boldly to create a safe and secure IoT cyberspace.
I am pleased that Singapore has established strong cybersecurity ties with the Netherlands. We have embarked on a journey to study and identify the security challenges of the IoT landscape. The outcome of this report highlights the need for collective responsibility between industries and governments. It is important for the ecosystem to stay vibrant and develop new innovative solutions to better secure our IoT against malicious and evolving threats.
As we face this uphill challenge in the IoT cyber domain, industries and governments need to pool together resources, strengthen defenses and remain aligned through international standards and governance.
Cyber threats are often global, transboundary and increasingly sophisticated. The security challenges can only be addressed when all stakeholders, Governments, industry, academia and consumers, work together. This report is the first of many collaborations with the Netherlands and all other like-minded nations and partners, as we forge towards a more trusted and resilient digital society.
David Koh Commissioner of Cybersecurity and Chief Executive Cyber Security Agency of Singapore
CONTENTS
Colophon
Foreword
Executive Summary
1 Introduction 1.1 Objectives 1.2 Problem Statement 1.3 Justification and Methodology 1.4 Target Audience 1.5 Landscape Study Structure
2 Definition and Background 2.1 Internet of Things (IoT) 2.2 IoT Device as a Resource-Constrained Device 2.3 IoT Security vs IT Security 2.4 IoT Threats and Vulnerabilities 2.5 Security vs Safety
3 IoT Security Problem Spaces and Challenges 3.1 Principles, Governance and Legislation 3.2 Ecosystem Development 3.3 Technical References and Standards 3.4 Expert Opinions on Priority Challenges 3
5
8
11 13 13 14 14 14
17 17 18 20 20 23
25 26 26 26 28
4 Key Initiatives 4.1 Inventory of Key Initiatives 4.2 Application-Specific Initiatives 4.3 Key Findings
5 IoT Security Challenges 5.1 Cybersecurity and Privacy by Design 5.2 IoT Security Standards and Guidelines 5.3 Evaluation and Certification 5.4 Future-Proof Legislation 5.5 Responsible Industry Ecosystem 5.6 Supply Chain Security 5.7 Product Lifecycle Support 5.8 Device Identity and Root of Trust 5.9 Secure OS, Cloud and Applications 5.10 Secure Communications and Infrastructure 5.11 Security Monitoring and Analytics 5.12 Interdependencies in IoT Security
6 Conclusions and Recommendations 83
Annex A – IoT Security in Smart Mobility and Smart Health 87
Annex B – Catalogue of Key Initiatives 93
31 31 34 35
37 37 41 44 47 49 51 56 59 68 72 78 80
