NTU Singapore and CSA Singapore open security testing centre

To meet the demands of Singapore’s cybersecurity evaluation needs, Nanyang Technological University, Singapore (NTU Singapore) and the Cyber Security Agency of Singapore (CSA) officially launched the National Integrated Centre for Evaluation (NiCE).

The first of its kind in South-East Asia, the joint centre serves as a one-stop facility for cyber security evaluation and certification. NiCE is a unique initiative that pools industrial and research expertise together to develop a sustainable academia-industry-government ecosystem for product evaluation and certification in Singapore.

The centre also aims to help build a pipeline of local product evaluation talent, which will maximise economic opportunities and boost Singapore’s branding as a cybersecurity hub.

The collaboration harnesses the strengths of NTU’s research expertise in software and hardware security assurance and CSA’s commitment to grow the nation’s cybersecurity market by fostering innovations between cybersecurity industry and academia to build world-class products and services, and developing a robust talent pipeline.

Located on the NTU Smart Campus, NiCE was officially launched today by Minister for Communications and Information and Minister-in-charge of Smart Nation and Cybersecurity, Mrs Josephine Teo.

NTU Deputy President and Provost Professor Ling San said: “The rising threat of cyberattacks makes it vital that institutions, companies and agencies stay one step ahead of cyberthreats. Properly evaluating hardware to ensure that they are designed with security in mind, rather than added on as an afterthought, is the first step in keeping our cyber-physical systems safe.

NTU’s collaboration with CSA to set up NiCE leverages the University’s strengths in areas such as computer science and engineering research and brings together industrial and research expertise in cybersecurity. The centre will also provide training and education to graduate students and industry professionals, allowing us to upskill and groom an important talent pool in this growing industry. This partnership underscores NTU’s commitment as an academic anchor for industry partners.”

Mr. David Koh, Commissioner of Cybersecurity and Chief Executive of CSA, said: “As we move towards a digital future, it is important to ensure that new emerging technologies are designed securely. This collaboration between CSA and NTU underlines CSA’s continual commitment in working with institutions of higher learning and industry to build up the cybersecurity manpower pipeline and facilitate a national cybersecurity ecosystem that will provide good business opportunities and jobs.”

The importance of cybersecurity evaluation and testing

The emergence of the Internet of Things (IoT) and increasing use of cyber-physical systems have led to a surge in devices and hardware components, such as communication points, storage, sensors, and actuators in such devices. According to a forecast by Business Insider Intelligence, it is estimated that there will be 64 billion IoT devices globally by 2025.

These components present themselves as potential entry points for hackers and malicious actors. End users have little means to assess if these components are secure and need to rely on independent experts to perform such security evaluation.

NiCE supports the national push towards greater security evaluation by providing an all-in-one platform for manufacturers and developers to test and certify their products.

The $19.5 million centre will provide support to the industry in three areas: creating a community of practice, developing a research eco-system, and furthering education and training.

Seeding a community of practice

The barriers to entry for the security evaluation industry is high due to high equipment cost and deep expertise needed to perform security evaluation at the highest assurance levels.

To seed a community of practice, NiCE will provide access to advanced equipment which evaluators and developers can use to perform evaluation at the highest assurance level. The centre will also maintain a pool of research and technical staff with the expertise to use the equipment and share their knowledge with other users.

This will contribute to a sustainable industry eco-system for product evaluation and certification in Singapore.

Growing the testing, inspection, and certification industry for cybersecurity

NiCE will support the growth of the nascent Testing, Inspection, and Certification (TIC) industry through its facilities for the vulnerability assessment of software and hardware products, physical hardware attacks and their countermeasures.

To uplift the industry eco-system for cybersecurity testing and evaluation, NiCE will facilitate research and development in advanced security evaluation techniques, covering topics such as software and hardware security protections.

This will in turn support the capability building and knowledge transfer to the TIC industry, so that TIC companies specialising in cybersecurity testing and certification can support CSA and NiCE in providing quality services to end industry users.

The Singapore Accreditation Council (SAC) will work closely with CSA and NiCE to develop relevant accreditation programmes and facilitate the development of local TIC capabilities to support the cybersecurity eco-system. These include SAC’s IT testing programmes which will enable accredited TIC companies to provide assurance on the accuracy and consistency of their test reports and certificates that support CSA’s schemes such as the Cybersecurity Labelling Scheme (CLS).

NiCE Director Professor Gan Chee Lip, Associate Provost (Undergraduate Education) from NTU’s School of Materials Science & Engineering, said: “At NiCE, the research in advanced techniques is co-located with the evaluation facilities and training programmes, allowing for tighter alignment and synergy between these activities. The setup at NiCE allows for greater access to cutting-edge academic research by the industry.”

Building a pipeline of local product evaluation talent

As the demands for the nation’s cybersecurity evaluation grow, so will the demand for competent security evaluators and a sustained talent pipeline of such professionals.

To meet this demand, NiCE will provide training, development, and certification for students and professionals to equip them with relevant security evaluation competencies, as well as knowledge about certification processes and evaluation methodologies necessary for them to transit seamlessly into the industry.

For example, NTU and CSA launched a Graduate Certificate in Hardware Security Evaluation and Certification last year which leverages the state-of-the-art facilities at NiCE to provide deep professional training on evaluation techniques. The certificate aims to train and upskill professionals in the industry as well as for professionals who are keen to join the industry.

NiCE will also enhance existing cybersecurity curriculum for students to include topics such as security evaluation. Students can also apply for internships at NiCE to gain exposure to the cybersecurity industry. Information on available courses, certification and internships are available on the NiCE website.

Ensuring safety through Security-by-Design

The work at NiCE is aligned with CSA’s goal of promoting Security-by-Design through security evaluation. CSA kickstarted the process with the Singapore Common Criteria Scheme and Cybersecurity Labelling Scheme (CLS) to certify infocomm products in 2019 and 2020 respectively.

CSA and the Singapore Standards Council have also developed the national standard, Technical Reference 91, on Cybersecurity Labelling for Consumer IoT. This sets out the guiding principles to design and build safe and secure consumer IoT devices according to CLS security requirements.

As at end-April 2022, the two schemes have seen healthy take-up by manufacturers. More than 200 products have been submitted for labelling under the four levels of CLS and 20 products submitted for evaluation at higher assurance levels under the SCCS.

To make it easier for manufacturers to attain the highest CLS security rating, CSA has introduced an initiative known as “CLS-Ready”. This new initiative was announced by Minister Josephine Teo at the event. Security functionalities provided by CLS-Ready hardware will no longer be needed to be tested again at the end-device level, allowing developers and manufactures to save time and cost while not compromising on security.