A new Cybersecurity Act will be tabled in Singapore’s parliament next year, Singapore’s minister for communications and information, Yaacob Ibrahim, announced on April 11.
According to Yaacob, the bill is aimed protecting the country’s critical information infrastructure. The bill will empower the year-old Cyber Security Agency (CSA) to “manage cyber incidents and raise the standards of cybersecurity providers in Singapore,” Yaacob explained.
The soon-to-be-proposed Cybersecurity Act would augment an existing Computer Misuse and Cybersecurity Act (CMCA), which grants law enforcement agencies legal powers to compel a person or entity to comply with certain obligations deemed necessary for the detection and prevention of cybersecurity threats. The CMCA’s legal reach covers not only traditional national security areas such as defense and foreign relations but also includes essential services, namely communications infrastructure, banking and finance, public utilities, public transportation, land transport infrastructure, aviation, shipping, public key infrastructure, and emergency services such as police, civil defense, or health services.
The new bill, which largely mirrors the scope of CMCA, is expected to provide the CSA wider powers to protect Singapore’s critical information infrastructure. It is also expected to include a mandatory requirement to report cybersecurity breaches, currently not required under CMCA. The requirement is likely to include a stipulated time frame.
The Singapore government’s renewed focus on cybersecurity is a response to the growing threat of cyber attacks. In November 2013, various government and private websites were hacked by an individual hacker protesting against the issuance of the new class license requirements for internet content providers. In 2014, Singapore’s Ministry of Foreign Affairs IT system was also breached, although no harm was done. The following year, in January 2015, a website, www.dncpdpc.com.sg, was taken down by Singapore’s domain name registry for impersonating the Personal Data Protection Commission (PDPC).
All these, on top of a spate of online thefts of personal and commercial data, have left the government’s alarm bells ringing. For Singapore, the cyber issue not only exposes the vulnerability of the city-state’s internal defense, but also risks undermining its reputation as one of the world’s leading commercial hubs.
One constituency that the government is particularly concerned about are small and medium-sized enterprises (SMEs). These SMEs lack cybersecurity protection, making them easy targets. To that end, the government has developed cybersecurity tool kits and consulted with industry partners.
The planned Cybersecurity Act is currently in its consultation stages, and the CSA plans to consult stakeholders on the scope of the new law.