Singapore Now Able To Certify Products Under Global Cybersecurity Standard

Singapore says its new status as a certifying body for a global cybersecurity standard will enable local developers to attain the certification more quickly and at a lower cost. Products developed here also can be exported, boosting the country's competitiveness in the global cybersecurity market, the government says. 

Singapore in January became a Certificate Authorising Nation under the Common Criteria Recognition Arrangement (CCRA). Also called ISO/IEC 15408, Common Criteria is a technical standard used to evaluable and certify cybersecurity products and is the de factor standard for such product certification adopted by governments and the industry. 

According to the Ministry of Communications and Information (MCI), Singapore is one of 18 nations that are Certificate Authorising, joining a list that includes India, Malaysia, Australia, Germany, France, and the UK. Another 12 nations are Certificate Consuming, which accept CC certificates but cannot issue them and include countries such as Indonesia, Greece, and Israel. 

A local CC Certification Body was set up by Singapore's Cyber Security Agency (CSA) and tasked in ensuring ensuring the product evaluation conformed to the requirements of the CC standards. The certification body also would maintain approved Common Criteria Testing Laboratories that carried out product evaluation. 

Developers looking to certify their products would have to engage an approved lab to assess their product. Germany's T-Systems International is amongst global companies that set up an evaluation lab in Singapore under the Singapore Common Criteria Scheme. 

With Singapore now a Certificate Authorising Nation, developers here no longer needed to send their product overseas for evaluation or arrange for testers and evaluators to come to Singapore. This would enable them to reduce their costs and shorten the time required to attain a globally recognised certification mark, MCI's Senior Minister of State Janil Puthucheary said in parliament during the Committee of Supply Debate. 

"It is a step towards becoming a regional hub for product evaluation and certification," Puthucheary noted. "We are attracting global evaluation laboratories to anchor their operations in Singapore. These developments will accelerate Singapore's exports of world-class cybersecurity products and create good jobs for Singaporeans."

The MCI added that it facilitated the exportability of cybersecurity products produced in Singapore and boosted the country's competitiveness in the global cybersecurity market. 

In addition, to encourage small and midsize businesses (SMBs) to adopt CC certification, Singapore will be introducing a "SecureTech" track under the Accreditation@SG Digital programme this quarter, in which companies have to obtain CC certification to have their cybersecurity products accredited. The initiative also aims to drive the adoption and procurement of SecureTech products amongst government agencies and businesses. 

RELATED COVERAGE

Firms fined $1M for SingHealth data security breach

SingHealth and Singapore's public healthcare sector IT agency IHIS have been slapped with S$250,000 and S$750,000 financial penalties, respectively, for the July 2018 cybersecurity attack that breached the country's personal data protection act. The fines are the highest dished out to date.

Singapore unveils implementation guides, forms industry committee to boost telecom security

Industry regulator has set up a committee comprising government officials and industry experts to establish a "multi-year roadmap" that aims to identify cyber threats and develop capabilities and tools needed to better secure Singapore's telecommunications sector, including IoT deployments.

Singapore must be tougher on firms that treat security as value-add service

Businesses that handle customer data should be expected to do so with all the appropriate cybersecurity systems and polices in place, rather than provide these as a "value-add service", and it's time the Singapore government holds those that fail to do so accountable.

Singapore to collaborate with Canada, US on cybersecurity

Singapore government has inked partnership agreements with both countries that encompass data sharing as well as joint technical certification programmes and capacity building initiatives.

Singapore moots 'essential' cybersecurity rules for financial firms

Monetary Authority of Singapore has proposed converting current cybersecurity guidelines to mandatory requirements, which financial institutions operating in the country must adopt to safeguard their IT systems and build up their cyber resilience.