Sign In
APEC Project Database

Back to Top

Project Title

Roundtable on IoT Cybersecurity Labeling

Project Year

2024

Project Number

TELWG_202_2024A

Project Session

Session 2

Project Type

Standard

Project Status

Project in Implementation
View Budget TableView Budget Table
PrintPrint

Project No.

TELWG_202_2024A

Project Title

*
Roundtable on IoT Cybersecurity Labeling

Project Status

Project in Implementation

Fund Account

*
APEC Support Fund

Sub-fund

ASF: Digital Innovation

Project Year

2024

Project Session

*
Session 2

APEC Funding

142,144

Co-funding Amount

0

Total Project Value

142,144

Sponsoring Forum

*
Telecommunications and Information Working Group (TELWG)

Topics

Telecommunications; Digital Technology and Innovation; Conformance; Standards and Conformance

Committee

SOM Steering Committee on Economic and Technical Cooperation (SCE)

Other Fora Involved

Other Non-APEC Stakeholders Involved

 

Proposing Economy(ies)

United States

Co-Sponsoring Economies

Australia; Indonesia; Japan; Singapore; Chinese Taipei

Expected Start Date

01/03/2025

Expected Completion Date

30/06/2026

Project Proponent Name 1

Nathaniel Moulton

Job Title 1

ICT Industry Analyst

Organization 1

US Department of Commerce

Telephone 1

+12027342158

Email 1

Nathaniel.Moulton@trade.gov

Project Proponent Name 2

Emma Handel

Job Title 2

ICT Industry Analyst

Organization 2

US Department of Commerce

Telephone 2

Not Applicable

Email 2

Emma.Handel@trade.gov

Declaration

Nathaniel Moulton

Project Summary

Internet of Things (IoT) connected devices are bringing new levels of convenience, functionality, and efficiency to the consumer ICT market. The rapid proliferation of IoT applications and products has made them attractive targets for threat actors. Efforts are evolving in several member economies for more robust security protocols for IoT devices. A dialogue focused on understanding various cybersecurity labeling schemes for IoT devices being considered in different economies would be a timely effort to promote best practices and standards development and adoption across APEC members. This dialogue would take place through research and a background paper, an in-person workshop for representatives and stakeholders from APEC economies and relevant institutions to promote engagement and knowledge sharing among officials and industry stakeholders on cybersecurity labeling for IoT devices, and a summary paper to present key takeaways from the event. The summary paper will be minimum 12 pages in length excluding annexes and is intended to be an APEC Publication.

Relevance

Region
The number of IoT products on the market is increasing at a rapid pace. As the technological applications and availability of devices grow, so do the opportunities for exploitation by threat actors. Many IoT connected devices are not designed or manufactured with cybersecurity in mind and are not sufficiently protected against cyber threats. To address this, economies across the APEC region are considering practices and policies to strengthen IoT cybersecurity, including device certification and labeling schemes. In recent years, many countries have developed standards for IoT cybersecurity. Both voluntary and mandatory cybersecurity labeling schemes for IoT devices have been released with the intention of raising consumer awareness and trust in products and strengthening the IoT ecosystem. The workshop will further discussion and collaboration across APEC economies on IoT cybersecurity and draw specific attention to the benefits of a cybersecurity labeling scheme for IoT consumer devices. The workshop will highlight avenues for alignment of IoT cybersecurity standards and labeling schemes across the APEC region and promote best practices to strengthen IoT device security and the trustworthiness and resiliency of IoT software and hardware supply chains.

Eligibility and Fund Priorities
This project falls under the Digital Innovation sub-fund and supports the criteria on aligning with APEC’s digital economy priorities and capacity building. The Digital Economy Roadmap identifies enhancing trust and security in the use of ICTs as a key focus area. This project directly relates to that initiative as it aims to enhance cybersecurity of the IoT ecosystem.

Capacity Building
The workshop will emphasize the need for unique cybersecurity policies for IoT connected devices and highlight the impacts of a cybersecurity certification scheme for IoT connected devices on consumer confidence, market competitiveness, and supply chain security. The workshop will also identify areas for deeper cooperation on IoT cybersecurity best practices and standards development and adoption among APEC economies. The workshop will highlight industry perspectives on adoption and implementation. Finally, the Summary Paper with key takeaways from the Background Paper and Workshop will be published as an APEC Publication to serve as a resource for capacity building.

Objectives

The project aims to highlight the benefits of certification schemes for IoT products and facilitate discussion around coordination among these schemes. It will highlight developed cybersecurity certification programs as effective practices for IoT device security. APEC member economies can incorporate knowledge from this project in developing cybersecurity standards for IoT products. The project will also seek to showcase industry perspectives on how alignment of IoT cybersecurity standards and certification schemes promote cross-border trade and supply chain security.

Alignment

APEC
This project is aligned with multiple APEC priorities, most notably, the promotion of cooperation and information sharing on best practices for trusted, secure, and resilient ICT and alignment on standards and policies for cybersecurity. A key objective of the Putrajaya Vision 2040 (PV 2040) is regional trade and investment. The project aligns with this priority as strengthened IoT cybersecurity through labeling schemes for IoT devices will enhance trade across the APEC region and globally by reducing unnecessary barriers to trade and strengthening business competitiveness. A key objective of the Aotearoa Plan of Action (APA) is connectivity, supply chain resiliency and business conduct. The project’s focus on standards and best practices for IoT cybersecurity will promote IoT software and hardware supply chain security. The project is also in alignment with several of the key objectives outlined by APEC’s Internet and Digital Economy Roadmap. Specifically, the project supports AIDER’s goals of promoting interoperability and coherence and cooperation of regulatory approaches between APEC member economies. The project also supports AIDER’s goal of enhancing trust and security in the use of ICTs as enhanced cybersecurity for IoT consumer devices will increase consumer trust in products and raise the bar for IoT cybersecurity among manufacturers and sellers.

Forum

As part of their mission to improve ICT cybersecurity across the APEC region, the Telecommunications and Information Working Group’s (TELWG) Strategic Action Plan (2021-2025) cites the promotion of regular cybersecurity collaboration between governments, the business community, and consumers and the promotion of consumer confidence and trust in ICT products and services as key objectives.

Promoting trusted, secure, and resilient ICT across the APEC region is a key objective of the TELWG. Relatedly, the Sub-Committee on Standards and Conformance (SCSC) aims to promote good practices in the adoption and development of standards and align regional standards with internationally accepted standards. Collaboration around the development of IoT standards has been a theme in recent APEC workshops, with discussions centered on IoT device security in 2018 and 2019. In SOM 2 of 2024, the TELWG met to discuss updates in global regulation, including the U.S. FCC’s Cyber Trust Mark. Continuing the discussion of cybersecurity labeling for IoT devices through both these forums will grow channels for collaboration on policy initiatives, reduce negative effects of conflicting standards and policies for IoT security, and promote cross-border trade.

Beneficiaries and Outputs

Output

1) Background Paper
A background paper will be drafted by contractor prior to the workshop to provide a survey of global IoT cybersecurity practices. The background paper will provide an overview of current IoT cybersecurity policies and labeling schemes to highlight areas for further development and potential coordination among APEC members on IoT cybersecurity policies and labeling schemes. The background paper will serve as a reference document for the workshop discussion. The background paper will be a minimum of 12 pages in length, excluding annexes, and will be distributed to participants ahead of the meeting. Contractor will present on background paper findings as session 1 on day 1 (see rough agenda below).

2) Workshop

A two-day workshop will take place during the second TELWG meeting of 2025 (SOM 3) in Incheon, Korea. 

The workshop will gather member economy representatives, experts, and stakeholders to discuss the state of IoT cybersecurity policy and pathways for progress. The discussion will aim to highlight the benefits of certification schemes for IoT products and avenues for coordination among APEC member schemes. Speakers from APEC member economy public sectors will present on cybersecurity certification programs (implemented or under development) as effective practices for IoT device security. Industry speakers will showcase their perspectives on how consistency of IoT cybersecurity standards and certification schemes promotes cross-border trade and supply chain security. Discussion will center on how APEC member economies can incorporate knowledge from these presentations in developing cybersecurity standards for IoT products as well as mechanisms for interoperability between member economy schemes. The workshop will also cover topics such as implementation and interoperability. The workshop will include activities to encourage active capacity building which will be built into the agenda over the two day workshop. 

The workshop will close with the dissemination of a post workshop evaluation to ensure maximum responses from participants. The evaluation will gauge the usefulness and value of the workshop for participants. 

Rough Agenda Day 1

- Session 1: Scene Setting: A Survey of IoT Cybersecurity Policies and Practices across APEC Economies

- Session 2: Presentations: Best Practices for IoT Cybersecurity Frameworks for IoT Cybersecurity Certification Programs

-  Session 3: Standard Setting

-  Session 4: Mechanisms for Interoperability

-  Session 5: Networking Session

-  Session 6: Implementation and Accreditation 

Day 2

-  Session 1: Label Design

-  Session 2: Industry Adoption

-  Session 3: SME Perspectives

-  Session 4: Networking Session/Capacity Building Activity

-  Session 5: Consumer Education

3) Summary Paper
A summary paper will be drafted by contractor, combining the information from the background paper with key takeaways from the workshop. The summary paper will be a minimum of 12 pages, excluding executive summary, table of contents, PowerPoint presentations from speakers/experts, and annexes. The summary paper will be published as an APEC Publication.

Outcome

1) We hope to reach APEC consensus on the value of a unique approach to IoT device cybersecurity.

2) We hope to observe an increase in specific IoT cybersecurity polices, approaches, or regulations across APEC member economies following the project's conclusion.

3) We hope to observe further crossover work between APEC fora on digital economy and cybersecurity following the project's conclusion.

Beneficiaries

The primary beneficiaries of this dialogue are policymakers and ICT industry stakeholders in APEC member economies with interest in IoT connected device security. Project participants will be from domestic and international standards and policymaking bodies as well as industry representatives across ICT and cybersecurity sectors. Tentative candidates include the United States Federal Communications Commission (FCC), the United States National Institute for Standards and Technology (NIST), the Cybersecurity Agency of Singapore, the Australian Cyber Security Center and other APEC member counterpart agencies as well as manufacturers and sellers of IoT consumer devices and industry associations such as The Consumer Technology Association (CTA) and the Information Technology Industry Council (ITIC). 

Economies working to develop an approach to IoT cybersecurity or those that are seeing investment in the growth and security of IoT consumer products will be invited to share their views and experiences. The workshop will provide an opportunity for participants to engage with other economies and the business community, which will emphasize the benefits of a multi-stakeholder approach to cybersecurity best practices writ large. Developments in IoT cybersecurity policy are still emerging and are evolving quickly as the technology advances. The workshop will offer a platform to discuss challenges policymakers and industry are facing as well as opportunities for collaboration and tools helpful in addressing these challenges.
 
Secondary beneficiaries such as non-APEC economies looking to develop similar IoT cybersecurity labeling schemes and best practices will benefit from the information presented in the Summary Paper APEC Publication.

Dissemination

The target audience includes APEC officials and regulators, including cybersecurity agencies, telecom agencies, and domestic and international standards bodies, focused on digital trade and digital economy policies and interested in promoting the use of globally-recognized IoT cybersecurity standards in their cybersecurity approaches.

Industry stakeholders, including IoT consumer device manufacturers, sellers, and related industry associations are also a target audience. Meeting documents including agenda and presentations will be submitted to the APEC Secretariat to be uploaded on the APEC website. 

The background paper will be disseminated to participants prior to the workshop and key findings will be presented in session 1 day 1 of the workshop. 

The workshop will be held in person. 

A summary paper will be drafted by the contractor combining the information from the background paper with key takeaways from the workshop. The summary paper will be a minimum of 12 pages, excluding executive summary, table of contents, PowerPoint presentations from speakers/experts, and annexes. The summary paper will be published as an APEC Publication.

Gender

Please see Project Proposal in Supporting Documents folder.

Work Plan

Please see Project Proposal in Supporting Documents folder.

Risks

Please see Project Proposal in Supporting Documents folder.

Monitoring and Evaluation

Please see Project Proposal in Supporting Documents folder.

Linkages

This work is most relevant to the scope of TELWG because of the emphasis on enhancing cooperation and information sharing on best practices for trusted, secure, and resilient ICT. However, the successful promotion of strong IoT cybersecurity across the APEC region relies on the ability of participating economies to align on standards surrounding cybersecurity. Incorporating stakeholders and initiatives driven by the SCSC is an opportunity to leverage cross-fora and cross-sector perspectives. Accordingly, POs will strive to include the participation of delegates from TELWG and SCSC. POs will ensure that the workshops are compliment to existing cybersecurity work within TELWG and SCSC.

Sustainability

POs expect this project to continue to have an impact after APEC funding is completed. For example, we will foster a network among regulators, domestic and international standards bodies, industry, and other stakeholders which can act as the foundation to contribute to an interoperable approach to IoT cybersecurity.

Additionally, participants can share the background paper and information learned during the Workshop with other government officials or relevant agencies and industry in their home economies and apply information gathered to developing IoT cybersecurity policy and labeling schemes and mechanisms for interoperability. 

POs anticipate this project will build off of the outcomes of previous workshops on IoT device security and continued implementation of the APEC Internet and Digital Economy Roadmap. Possible next steps include future workshops on pathways to interoperable IoT cybersecurity labeling schemes between member economies or capacity building for interested economies. The outcomes of this work and potential next steps will also be highlighted at other relevant APEC meetings, including TELWG and SCSC meetings. After the workshop, POs will monitor policy developments in APEC economies to understand which approaches economies are taking towards communicating cybersecurity practices to stakeholders.

Direct Labour

Please see Project Proposal in Supporting Documents folder.

Are there any supporting document attached?

Yes
Project No.
Project Title
Project Status
Fund Account
Sub-fund
Project Year
Project Session
APEC Funding
Co-funding Amount
Total Project Value
Sponsoring Forum
Topics
Committee
Other Fora Involved
Other Non-APEC Stakeholders Involved
Proposing Economy(ies)
Co-Sponsoring Economies
Expected Start Date
Expected Completion Date
Project Proponent Name 1
Job Title 1
Organization 1
Telephone 1
Email 1
Project Proponent Name 2
Job Title 2
Organization 2
Telephone 2
Email 2
Declaration
Project Summary
Relevance
Objectives
Alignment
Beneficiaries and Outputs
Dissemination
Gender
Work Plan
Risks
Monitoring and Evaluation
Linkages
Sustainability
Direct Labour
Are there any supporting document attached?
hdFldAdmin
Project Number
Previous Fora
Secretariat Comments
Reprogramming Notes
Consolidated QAF
Endorsement By Fora
PD Sign Off
Batch
Forum Priority
Committee Ranking Category
Committee Priority
PDM Priority
Priority Within Funding Category
Monitoring Report Received
Completion Report Received
PMU Field 1
PMU Field 2
PMU Field 3
On Behalf Of
Proposal Status
Originating Sub-Forum
Approval Status
Attachments
Content Type: Standard Proposal
© Copyright APEC Secretariat. All Rights Reserved.