Sinagpore cybersecurity

Understanding the new mandatory requirements for cybersecurity of home routers and residential gateways in Singapore

In 2021, nearly all homes are set up with wireless network capabilities, thanks to routers and gateways connecting computers and other electronic devices to the internet. These routing devices act as a dispatcher, sending information along the best route and connecting us to one another across the world. However, these same life-changing devices are often the first entry point for cyber-attacks as they bridge the gap between the internet and a residence.

An important part of a router or gateways’ job has always been to protect your information from security threats, which is why Singaporean officials have recently mandated new requirements for device manufacturers. As of 13 April 2021, all new wireless home routers and residential gateways must meet new security requirements before going to market in Singapore.

What are the new security requirements?

  • Randomized and unique login credentials
  • Minimum password strength requirement
  • Disabled vulnerable services and interfaces
  • Default automatic downloads of security patches
  • Secure authentication of access to device’s management interface
  • Validation of data inputs to the device in order to prevent remote hacking

How were these requirements determined?

The finalized technical specifications were created based on both industry and public feedback, following an in-depth consultation exercise. This proactive move is partially a result of continued issues with network-integrated devices such as web cameras and baby monitors, which are at higher risk of cyber-attacks.

What about those previously approved by the Infocomm Media Development Authority (IMDA)?

Any home routers that were previously approved by the IMDA are allowed to remain in the market until 12 October 2021. However, consumers are encouraged to purchase these newer devices which are compliant with these upgraded security requirements. It is also recommended to update the devices’ firmware regularly.

Why must manufacturers demonstrate compliance?

Manufacturers must adhere to these new security requirements or else their product will not be eligible to enter the Singaporean market. Users will be able to easily identify the label which indicates that they are purchasing a secure and compliant home router or gateway. Those who achieve compliance will qualify for the IMDA’s Level 1 of the Cyber Security Agency of Singapore’s Cybersecurity Labelling Scheme on their manufactured devices.

How can Nemko simplify this compliance process?

It’s important to understand that many manufacturers of router and gateway electronic technologies often do not have the time, resources, or expertise to conduct a complete conformity assessment process in-house. That’s why Nemko partners with device manufacturers to evaluate and verify compliance and offer recommendations for continuous improvement.

Send us an email at info@nemko.com for more information.

Written by Geir Hørthe
Geir Hørthe is responsible for the Nemko cyber security initiative. He has worked at Nemko for more than 30 years, in the capacity of test services, lab manager of safety, ATEX and medical departments. He has also been Managing Director at the Nemko office in London for two years. After he returned to Norway, he held for many years the position as Certification Manager at Nemko HQ with responsibilities for electrical product certifications, for national and international certification.

Watch our on-demand webinar: Cyber security for IoT products