Front Page: Traficom
Front Page: Traficom
Menu

The cybersecurity authorities of Finland and Singapore are the first authorities in the world to agree on the mutual recognition of cybersecurity labels issued by each other and the related procedures. This cooperation between the authorities will make it easier for Finnish businesses to offer their secure smart devices on foreign markets. It also promotes the information security of smart home devices and helps consumers manage the increasing information security risks. For Finland, the mutual recognition scheme is all the more significant because Singapore is one of the most technologically advanced countries in the world. Because of the cooperation published today, products would have met the requirements of both the Finnish Cybersecurity Label and Singapore’s Cybersecurity Label at once, with a single application process. Uniform requirements allow products or services that meet the security criteria of both labels to be placed on the market in both countries. This facilitates product and service design and helps reduce production costs.

David Koh, Commissioner of Cybersecurity, Chief Executive, Cyber Security Agency of Singapore and Deputy Director-General Sauli Pahlman, National Cyber Security Centre Finland, Finnish Transport and Communications Agency Traficom signing the Memorandum of Understanding at Singapore International Cyber Week 2021

For Finland, the mutual recognition scheme is all the more significant because Singapore is one of the most technologically advanced countries in the world. Because of the cooperation published today, products can fulfill the requirements of both the Finnish Cybersecurity Label and Singapore’s Cybersecurity Label at once, with a single application process. Uniform requirements allow products or services that meet the security criteria of both labels to be placed on the market in both countries. This facilitates product and service design and helps reduce production costs.

Finland and Singapore pioneers in developing the information security of smart home devices and international cooperation

The mutual recognition agreement is based on long-term cooperation in which the authorities have examined and compared the requirements and procedures for issuing cybersecurity labels in Finland and Singapore. The requirements set in the labelling schemes of both countries are based on a European standard, which allows the national labels to also be used in other countries. This means that the Cybersecurity Label opens up new markets for Finnish companies and their secure consumer devices and services. As the labels become more common, the range of secure smart home devices on offer is likely to widen.

“The cooperation with our Singaporean colleagues has been extremely rewarding. We have been able to share our experiences of the key features of smart devices and the main related threats. I am delighted to see our work result in a concrete outcome in the form of a cooperation agreement,” says Deputy Director-General Sauli Pahlman from the National Cyber Security Centre Finland (NCSC-FI) at the Finnish Transport and Communications Agency Traficom.  

Path towards certified consumer products and services

The importance of information security in connected products and services has been recognised across the world, including in the European Union. The rapid increase in the number of vulnerabilities detected in connected devices raises concern. For example, based on the observations of the NCSC-FI in recent years, connected devices make up more than half of all vulnerable devices. Smart devices are also an increasingly integral part of daily life for consumers, which makes their information security and privacy protection features ever more important. In the EU, these concerns are reflected in the legislation being drafted. The aim is to adopt a legal framework for a certificate attesting the information security of connected products and services and for the related requirements and certification procedures.

“The Cybersecurity Label paves the way for Finnish companies towards the EU certificate and opens up completely new markets for their products. The Cybersecurity Label is an outcome of the NCSC-FI’s future-oriented work, efforts to monitor cybersecurity phenomena and long-term international cooperation to build more secure societies. It is important to create an agile certification scheme at EU-level so that we can better ensure the security of products and services offered to consumers. The NCSC-FI will play a key role in this work,” says Traficom’s Director-General Kirsi Karlamaa

Traficom works to influence the EU certification scheme so that products and services that have been granted the Finnish Cybersecurity Label would also meet most of the requirements for the EU certificate. This would make it easier for Finnish companies to apply for an EU certificate for their products and services.

Enquiries:

Saana Seppänen, Senior Specialist, National Cyber Security Centre Finland at Traficom, tel. +358 29 5390 485, saana.seppanen@traficom.fi

Jukka-Pekka Juutinen, Director, National Cyber Security Centre Finland at Traficom, tel. +358 29 5390 523, jukka-pekka.juutinen@traficom.fi

Background:

The Finnish Transport and Communications Agency Traficom has for several years reflected on the future of cybersecurity and monitored cybersecurity phenomena. One of the key phenomena observed has been the rapid increase in the number of connected devices with insufficient security features. To tackle the issue, Traficom launched in 2019, as the first authority in the world, a Cybersecurity Label for connected products and services to help consumers choose secure devices and services. 

The label raises awareness of the importance of cybersecurity and Traficom’s assessment of the key requirements for ensuring the information security of consumer devices and services. Another objective has been to encourage the manufacturers and designers of connected devices and services to make their product and service development processes secure. The Cybersecurity Label was Traficom’s answer to the long-lasting issue of poor information security in devices. 
Soon after Traficom, the Cyber Security Agency of Singapore (CSA) published its own labelling scheme, the IoT Cybersecurity Label. Both schemes build on the European ETSI standard EN 303645. The ETSI standard was published in the summer of 2020, and it was the world’s first official standard on the information security of consumer devices. Traficom participated in the drafting of the standard and the requirements it contains.

The mutual recognition of the Cybersecurity Label and the IoT Cybersecurity Label is based on a cooperation agreement between the Finnish Transport and Communications Agency Traficom and the Cyber Security Agency of Singapore. 

Links:

International IoT Security Roundtable
https://www.youtube.com/watch?v=DoMNDT2YNXU (External link)

Website of the Finnish Cybersecurity Label: https://tietoturvamerkki.fi/en (External link)

Press release, 26 November 2019: https://www.kyberturvallisuuskeskus.fi/en/news/finland-becomes-first-european-country-certify-safe-smart-devices-new-cybersecurity-label (External link)

Website of the Cyber Security Agency of Singapore: https://www.csa.gov.sg/Programmes/cybersecurity-labelling/about-cls (External link)