The emergence of the Internet of Things and the increasing use of cyber-physical systems have led to a surge in devices and hardware components. While those devices and systems enable more connected operations, they are also potential entry points for malicious actors.
One way to reduce that risk is to ensure that such devices are designed with security instead of an add-on.
To help manufacturers and developers in Singapore get their products evaluated and certified that they are secure, Nanyang Technological University, Singapore (NTU Singapore) and the Cyber Security Agency of Singapore (CSA) have jointly launched the National Integrated Centre for Evaluation (NiCE).
Located on the NTU Smart Campus, NiCE is a one-stop facility for cybersecurity evaluation and certification.
The $19.5 million centre also aims to grow the security evaluation industry – indirectly boosting Singapore’s branding as a cybersecurity hub – in three ways.
Firstly, it will create a community of practice. It will do so by providing access to advanced equipment that evaluators and developers can use to perform evaluations at the highest assurance level. It will also maintain a pool of research and technical staff with the expertise to use the equipment and share their knowledge with other users.
See also: AI usage quickly broadens from IT to HR and marketing, survey shows
Secondly, NiCE will help develop a research ecosystem. It will facilitate research and development in advanced security evaluation techniques, covering topics such as software and hardware security protections. This will, in turn, support the capability building and knowledge transfer to the Testing, Inspection, and Certification (TIC) industry so that those companies can support CSA and NiCE in providing quality services to end industry users.
Additionally, the Singapore Accreditation Council (SAC) will work closely with CSA and NiCE to develop relevant accreditation programmes and facilitate the development of local TIC capabilities to support the cybersecurity ecosystem.
Those efforts include SAC’s IT testing programmes, enabling accredited TIC companies to provide assurance on the accuracy and consistency of their test reports and certificates that support CSA’s schemes, such as the Cybersecurity Labelling Scheme.
Thirdly, NiCE will look at building a pipeline of local product evaluation talent. It will therefore provide training, development, and certification for students and professionals to equip them with relevant security evaluation competencies.
For example, NTU and CSA launched a Graduate Certificate in Hardware Security Evaluation and Certification last year that leverages the state-of-the-art facilities at NiCE to provide deep professional training on evaluation techniques. The certificate aims to train and upskill professionals in the industry as well as for professionals who are keen to join the industry.
NiCE will also enhance the existing cybersecurity curriculum for students to include topics such as security evaluation. Students can also apply for internships at NiCE to gain exposure to the cybersecurity industry.
Other initiatives to promote Security-by-Design
The work at NiCE is aligned with CSA’s goal of promoting Security-by-Design through security evaluation. CSA kickstarted the process with the Singapore Common Criteria Scheme and Cybersecurity Labelling Scheme (CLS) to certify infocomm products in 2019 and 2020 respectively.
CSA and the Singapore Standards Council have also developed the national standard, Technical Reference 91, on Cybersecurity Labelling for Consumer IoT. This sets out the guiding principles to design and build safe and secure consumer IoT devices according to CLS security requirements.
Additionally, CSA most recently introduced an initiative known as “CLS-Ready” to make it easier for manufacturers to attain the highest CLS security rating.
Security functionalities provided by CLS- Ready hardware will no longer be needed to be tested again at the end-device level, allowing developers and manufacturers to save time and cost while not compromising on security.