The Cyber Security Agency of Singapore (CSA) published the consultation paper on the Cyber Security Amendment Bill 2023 on December 15, 2023. The consultation period runs until 15 January 2024. The public is invited to share their reviews and suggestions online. on the REACH website.
Currently, the Cybersecurity Act 2018 serves as the regulatory framework for overseeing and managing national cybersecurity in Singapore. However, since its implementation, the cyber risk landscape and business environment have undergone constant changes. In addition, Singapore’s immediate digitalization positions it among the top digitally connected countries in the world. As a result, new cybersecurity considerations have emerged regarding robust control of connectivity, computing, and knowledge storage.
The draft Cybersecurity (Amendment) Bill introduces comprehensive changes to enhance Singapore’s cybersecurity framework. Firstly, it aims to update existing laws related to Critical Information Infrastructure (CII) protection. This includes provisions to accommodate technological advancements, allowing CII owners to leverage new technologies like cloud services. Additionally, the amendments streamline the operationalization and administration of CII regulations, empowering the Commissioner of Cybersecurity with new authorities. These include the ability to grant time extensions and conduct onsite inspections to ensure compliance with the Act’s requirements.
Secondly, the Bill proposes an extension of the Commissioner of Cybersecurity’s oversight. This extension is designed to safeguard nationally significant computer systems, particularly during crucial periods.
Thirdly, the amendments respond to the need for greater situational awareness of cybersecurity threats to basic virtual infrastructures. This includes supporting the basic virtual infrastructure that underpins Singapore’s virtual economy and way of life. The Commissioner has the authority to impose basic cybersecurity criteria for this critical infrastructure, ensuring strong coverage and resilience to evolving cyber threats. These measures combine Singapore’s commitment to cybersecurity, building confidence in its digitalization efforts.
The provisions of the Amendment Bill aim to ensure that Singapore’s Cybersecurity Act continues to meet its purpose and cover new demanding situations in the changing cyber risk landscape.
Previously, only the Critical Information Infrastructure (CII) owned by the vendor was subject to liability. Compliance included having to submit specific information to the CSA, being subject to regular audits and risk assessments, participating in cybersecurity exercises and reporting incidents.
However, with the amendments proposed in the bill, non-vendor-owned ITCs that use IT providers to provide must-have facilities will also be subject to progression rights. In addition, the bill will address operational loopholes in the law. adding clarifying that designated ITCs, even if they are located entirely outside of Canada, will be subject to the obligations set out in the bill.
These are critical digital infrastructure providers that provide services of a core nature in Singapore and will be appointed or directed by the Minister or Commissioner. These could be services that promote the availability, latency, or security of digital services in Singapore, which could result in disruption to a large number of businesses or organizations if attacked.
These are entities that are specific targets of malicious threats due to the sensitive knowledge they possess or the purposes they carry out and that, if compromised, could affect national defense, foreign relations, the economy, public health, and the community.
These are systems that are essential to Singapore for a limited time and are potentially at high risk of cyberattack during this period. Examples include systems specifically set up to support large-scale international events held in Singapore (e.g., World Economic Forum) or vaccine distribution during the COVID-19 pandemic.
Entities regulated under the Cyber Security Act will be required to comply with cyber security standards of practice, report cyber security incidents to the CSA, and comply with directions issued by the Commissioner to ensure cyber security for the specific IT systems they have.
As Singapore goes digital, the threat of organizations falling victim to cyberattacks is increasing. This update to the Cybersecurity Act is vital to ensure that mandatory protections are in place for the sleek and robust operation of virtual infrastructure and services, which are for businesses and investments. .
The release of the consultation paper on the Cybersecurity Amendment Bill 2023 through the Cyber Security Agency of Singapore (CSA) marks a proactive step to address the evolving cyber risk landscape. This proposed amendment targets Singapore’s cybersecurity framework established under the Cybersecurity Act 2018.
The identity of key virtual infrastructure providers and entities with specialized cybersecurity interests highlights a nuance in the protection of critical systems and sensitive data.
In addition, the popularity of systems with transient cybersecurity issues, such as those supporting large-scale emergency events or operations, demonstrates a forward-thinking strategy for addressing brief but high-risk scenarios.
The government’s goal with this amendment bill is to reassure Singaporeans and entrepreneurs in the country that they can embrace digitalization with confidence, ensuring their virtual security.
About Us
ASEAN Briefing is produced by Dezan Shira & Associates. The firm assists foreign investors throughout Asia and maintains offices throughout ASEAN, including in Singapore, Hanoi, Ho Chi Minh City, and Da Nang in Vietnam, Munich, and Esen in Germany, Boston, and Salt Lake City in the United States, Milan, Conegliano, and Udine in Italy, in addition to Jakarta, and Batam in Indonesia. We also have partner firms in Malaysia, Bangladesh, the Philippines, and Thailand as well as our practices in China and India. Please contact us at [email protected] or visit our website at www.dezshira.com.
Our free webinars are full of information for doing business in ASEAN.
Subscribing grants you this, plus free access to our articles and magazines.
Sign up for your complimentary subscription to our weekly newsletter here.
No subscription fees!
Type keyword to begin searching…