November 23, 2020
Singapore’s Cybersecurity Labelling Scheme (CLS) aims to better secure the Internet-of-Things (IoT) by setting and raising overall cybersecurity hygiene levels for smart consumer products. As a CLS-approved lab, UL helps developers of connected products meet their certification requirements at any of the scheme’s levels in an efficient yet comprehensive manner.
In order to set and raise overall cybersecurity hygiene levels in Singapore, and as the first country in the Asia-Pacific region, the Cyber Security Agency (CSA) of Singapore has launched the Cybersecurity Labelling Scheme (CLS) for smart consumer products in an effort to help consumers better understand the cybersecurity provisions these products have to offer. By offering 4 levels of product security labels, consumers are better able to make a well-informed decision when purchasing a new technology product.
Based on the ETSI EN 303 645 standard, the CLS is structured as follows:
- Tier 1 – ‘Baseline’ security requirements, derived from ETSI EN 303 645, are required and can be demonstrated through the developer’s declaration of conformance.
- Tier 2 – Secure product lifecycle requirements, derived from the IMDA IoT Cyber Security Guideline, are required and can similarly be demonstrated through the developer’s declaration of conformance.
- Tier 3 – On top of the tier 1 and tier 2 requirements, the developer must subject the product to a software binary analysis by a CLS-approved 3rd-party lab, such as UL. This analysis focuses on known vulnerabilities and common software weaknesses.
- Tier 4 – To achieve the highest level, the product must be subjected to a thorough security evaluation by a CLS-approved 3rd-party lab, such as UL. The lab will verify conformance of the product to the ETSI EN 303 645 requirements and perform additional (and mandated) penetration testing activities on the product.
As a long-standing partner to the CSA and a seasoned security services provider to the IoT industry, UL offers its wealth of experience and security expertise to help developers get to market quickly while helping to ensure quality and integrity.
- Makes product security more transparent and accessible for consumers
- Helps consumers make purchasing decisions
Demonstrate security due diligence
- Helps to ensure minimum security capabilities are met, as articulated by ETSI TS 103 645 and other industry standards
- Leverages the IoT Security Rating to define a product security roadmap
- Leverages the IoT Security Rating to achieve product differentiation
Keep up with market trends
- Stay ahead of regulatory developments and potential security liability