NTU and CSA launch joint centre for cybersecurity evaluation, research, and education
NTU Singapore and CSA Singapore launch joint centre for cybersecurity evaluation, research, and education
The launch of NiCE on May 18, 2022. Photo: NTU Singapore and CSA
To meet the demands of Singapore’s cybersecurity evaluation needs, Nanyang Technological University, Singapore (NTU) and the Cyber Security Agency of Singapore (CSA) established the National Integrated Centre for Evaluation (NiCE). The centre was officially launched by the Minister for Communications and Information and Minister-in-charge of Smart Nation and Cybersecurity, Mrs Josephine Teo on 18 May 2022.
The first of its kind in South-East Asia, the joint centre serves as a one-stop facility for cyber security evaluation and certification. NiCE is a unique initiative that pools industrial and research expertise together to develop a sustainable academia-industry-government ecosystem for product evaluation and certification in Singapore. The centre also aims to help build a pipeline of local product evaluation talent, which will maximise economic opportunities and boost Singapore’s branding as a cybersecurity hub.
The collaboration harnesses the strengths of NTU’s research expertise in software and hardware security assurance and CSA’s commitment to grow the nation’s cybersecurity market by fostering innovations between cybersecurity industry and academia to build world-class products and services, and developing a robust talent pipeline.
The importance of cybersecurity evaluation and testing
The emergence of the Internet of Things (IoT) and increasing use of cyber-physical systems have led to a surge in devices and hardware components, such as communication points, storage, sensors, and actuators in such devices. According to a forecast by Business Insider Intelligence, it is estimated that there will be 64 billion IoT devices globally by 2025.
NiCE supports the national push towards greater security evaluation by providing an all-in-one platform for manufacturers and developers to test and certify their products. The $19.5 million centre will provide support to the industry in three areas: creating a community of practice, developing a research eco-system, and furthering education and training.
Seeding a community of practice
To seed a community of practice, NiCE will provide access to advanced equipment which evaluators and developers can use to perform evaluation at the highest assurance level. The centre will also maintain a pool of research and technical staff with the expertise to use the equipment and share their knowledge with other users.
This will contribute to a sustainable industry eco-system for product evaluation and certification in Singapore.
Growing the Testing, Inspection, and Certification industry for cybersecurity
NiCE will support the growth of the nascent Testing, Inspection, and Certification (TIC) industry through its facilities for the vulnerability assessment of software and hardware products, physical hardware attacks and their countermeasures.
To uplift the industry eco-system for cybersecurity testing and evaluation, NiCE will facilitate research and development in advanced security evaluation techniques, covering topics such as software and hardware security protections.
This will in turn support the capability building and knowledge transfer to the TIC industry, so that TIC companies specialising in cybersecurity testing and certification can support CSA and NiCE in providing quality services to end industry users.
The Singapore Accreditation Council (SAC) will work closely with CSA and NiCE to develop relevant accreditation programmes and facilitate the development of local TIC capabilities to support the cybersecurity eco-system. These include SAC’s IT testing programmes which will enable accredited TIC companies to provide assurance on the accuracy and consistency of their test reports and certificates that support CSA’s schemes such as the Cybersecurity Labelling Scheme (CLS).
Building a pipeline of local product evaluation talent
As the demands for the nation’s cybersecurity evaluation grow, so will the demand for competent security evaluators and a sustained talent pipeline of such professionals.
To meet this demand, NiCE will provide training, development, and certification for students and professionals to equip them with relevant security evaluation competencies, as well as knowledge about certification processes and evaluation methodologies necessary for them to transit seamlessly into the industry.
Ensuring safety through Security-by-Design
The work at NiCE is aligned with CSA’s goal of promoting Security-by-Design through security evaluation. CSA kickstarted the process with the Singapore Common Criteria Scheme and Cybersecurity Labelling Scheme (CLS) to certify infocomm products in 2019 and 2020 respectively.
CSA and the Singapore Standards Council have also developed the national standard, Technical Reference 91, on Cybersecurity Labelling for Consumer IoT. This sets out the guiding principles to design and build safe and secure consumer IoT devices according to CLS security requirements.
As at end-April 2022, the two schemes have seen healthy take-up by manufacturers. More than 200 products have been submitted for labelling under the four levels of CLS and 20 products submitted for evaluation at higher assurance levels under the SCCS.
To make it easier for manufacturers to attain the highest CLS security rating, CSA has introduced an initiative known as “CLS-Ready”. Security functionalities provided by CLS-Ready hardware will no longer be needed to be tested again at the end-device level, allowing developers and manufactures to save time and cost while not compromising on security.
Extracted from Cyber Security Agency of Singapore (CSA), click here to read the full release.
More media news available below:
Ministry of Communications and Information (MCI)