What is the Singapore CSA and what does it do?
The CSA is a government body in Singapore tasked with ensuring a safe and secure digital environment for the nation’s people and institutions and formulate and advance Singapore’s Cybersecurity Strategy with a long-term view to protecting critical infrastructure. Since Singapore is a key global financial, economic and technological center, the nation’s government saw cyberspace as critical to its national assets and decided to launch the CSA in 2015, bringing together industry and academic experts in information and cybersecurity.
To this end the government body’s efforts include:
- Monitoring for and countering all manner of cybersecurity threats to Singapore’s digital ecosystem
- Providing cybersecurity consulting and education to companies, individuals, and other government bodies
- Establishing and advising best practices and strategies to its various stakeholders
- Certifying security products that meet the CSA’s security-by-design standards and advance its core mission
What is the Singapore CSA’s Cybersecurity Labelling Scheme (CLS) and what does it mean for Pangolin?
Spurred by the exponential growth in the Internet of Things (IoT) and the security vulnerabilities and challenges it has posed, the Cybersecurity Labelling Scheme – the first of its kind in Asia Pacific – was launched by Singapore’s CSA to help increase the quality of consumer cybersecurity and routing devices and improve access to such devices by individuals and businesses by incentivizing better and more standardized design and manufacturing practices by device makers/designers. The CLS is based on the standards set by the European Standards Organization’s “Cyber Security for Consumer Internet of Things: Baseline Requirements” and is also recognized by the US, Australia, and other countries.
Below is a summary of the four levels of Cybersecurity Labelling:
|
Label Level |
Requirements |
# of products (as of writing) |
|
Level 1 |
The product meets basic security requirements such as ensuring unique default passwords and providing software updates. |
12 |
|
Level 2 |
The product has been developed using the principles of Security-by-Design such as conducting threat risk assessment, critical design review and acceptance tests, and fulfilled Level 1 requirements. |
1 |
|
Level 3 |
The product has undergone assessment of software binaries by approved third-party test labs, and fulfilled Level 2 requirements. |
0 |
|
Level 4 |
The product has undergone structured penetration tests by approved third-party test labs and fulfilled Level 3 requirements. |
1 |
We are happy to say that, at the time of writing, Pangolin Smart Firewall is the first product to receive Level 2 labelling, and the first firewall product to receive labelling.
The mission and purpose of the CSA and its Labelling Scheme mirror TeamRed’s own reason for developing the Pangolin Smart Firewall, and we believe being part of cooperative ecosystem for better security in the IoT age is key to a more secure online environment for everyone.
To this end, TeamRed decided to apply for the rigorous assessment to be part of the certified group of products by the CSA of Singapore. This labelling is actually not necessary to legally sell such devices in Singapore, but rather it helps end users considering their security options to easily identify which products meet the cybersecurity design and best practices standards as set forth by the CSA. As Singapore is a world leader in technology, security and the digital economy, labelling designation is useful for consumers outside of Singapore as well in determining what products meet the highest standards of design and manufacture for better IoT security.
You can check out more from the CSA of Singapore at their website: https://www.csa.gov.sg/
