Finland and Singapore share IoT security labels

  • October 13, 2021
  • Steve Rogerson

The cyber-security authorities of Finland and Singapore have agreed to recognise each other’s IoT cyber-security labels.

This cooperation between the authorities will make it easier for Finnish businesses to offer their secure smart devices on foreign markets. It also promotes the information security of smart home devices and helps consumers manage the increasing information security risks.

For Finland, the mutual recognition scheme is more significant because Singapore is one of the most technologically advanced countries in the world. Because of the cooperation, products can meet the requirements of both the Finnish Cybersecurity Label and Singapore’s Cybersecurity Label at once, with a single application process.

Uniform requirements allow products or services that meet the security criteria of both labels to be placed on the market in both countries. This facilitates product and service design and helps reduce production costs.

The mutual recognition agreement is based on long-term cooperation in which the authorities have examined and compared the requirements and procedures for issuing cyber-security labels in Finland and Singapore.

The requirements set in the labelling schemes of both countries are based on a European standard, which allows the national labels to also be used in other countries. This means that the Cybersecurity Label opens up new markets for Finnish companies and their secure consumer devices and services. As the labels become more common, the range of secure smart home devices on offer is likely to widen.

“The cooperation with our Singaporean colleagues has been extremely rewarding,” said deputy director-general Sauli Pahlman from the National Cyber Security Centre Finland (NCSC-FI) at the Finnish transport and communications agency Traficom. “We have been able to share our experiences of the key features of smart devices and the main related threats. I am delighted to see our work result in a concrete outcome in the form of a cooperation agreement.”

The importance of information security in connected products and services has been recognised across the world, including in the European Union. The rapid increase in the number of vulnerabilities detected in connected devices raises concern. For example, based on the observations of the NCSC-FI in recent years, connected devices make up more than half of all vulnerable devices. Smart devices are also an increasingly integral part of daily life for consumers, which makes their information security and privacy protection features ever more important.

In the EU, these concerns are reflected in legislation being drafted. The aim is to adopt a legal framework for a certificate attesting the information security of connected products and services and for the related requirements and certification procedures.

“The Cybersecurity Label paves the way for Finnish companies towards the EU certificate and opens up completely new markets for their products,” said Traficom’s director-general Kirsi Karlamaa. “The Cybersecurity Label is an outcome of the NCSC-FI’s future-oriented work, efforts to monitor cyber-security phenomena and long-term international cooperation to build more secure societies. It is important to create an agile certification scheme at EU-level so that we can better ensure the security of products and services offered to consumers. The NCSC-FI will play a key role in this work.”

Traficom works to influence the EU certification scheme so products and services that have been granted the Finnish Cybersecurity Label would also meet most of the requirements for the EU certificate. This would make it easier for Finnish companies to apply for an EU certificate for their products and services.