In April 2021, new home routers are about to arrive with unique security prerequisites. These routers are supposed to meet the requirements before they can be put out for sale in Singapore. These new routers comprise enhanced specifications such as unique login credentials and default automatic downloads for security patches.
This new mandate aims to improve these devices’ security because hackers mostly try to breach home networks, as industry regulator Infocomm Media Development Authority (IMDA) mentioned. The enhanced security requirements were finalized, followed by an earlier consultation exercise that invited industry and public feedback.
These mandates will come into effect from April 13, 2021. Thus, home routers (approved by IMDA) will be allowed to remain on sale until October 12, 2021.
“Users of existing home routers will not need to change their current routers, but they are encouraged to purchase devices that are compliant with IMDA’s cybersecurity requirements for their next upgrade or replacement. Users should also regularly update their device firmware,” the agency said.
“Home routers are often the first entry point for cyber-attacks targeting the public, as they form the key bridge between the internet and residents’ home networks,” IMDA said in a statement. “[The] minimum security requirements for home routers [will] provide a safer and more secure internet experience for users, and strengthen the resilience of Singapore’s telecommunications networks.”
The government agency believed that the move came after observing higher risks of cyberattacks targeting intelligent devices such as baby monitors and web cameras. There are reports that Japan imposed such requirements in April, and recently the UK also began to assess such needs.
The labeling initiative is voluntary and includes four levels of rating based on a number of asterisks. Each tier indicates an additional category of testing and assessment decided on every product. The concept is to motivate manufacturers to develop more secure products, moving beyond designing basic devices with an equal intention to optimize cost and functionality.
Every level has a unique set of requirements that should be met as per guidelines. From level 1 to level 4, every step has a unique set of security needs that the product must adhere to.
Last week, Singapore revealed its latest cybersecurity blueprint, which focuses on digital infrastructures and cyber activities. The city-state spoke about its plans to set-up a panel that will offer advice on safeguarding operational technology systems.