Singapore Cybersecurity Draft Amendment Bill: Public Consultation Ends Jan. 15
The Cyber Security Agency of Singapore (CSA) on 15 December 2023 published the consultation paper on the draft 2023 Cybersecurity Amendment Bill. The consultation period is until January 15, 2024. The public are invited to share their views and suggestions via the online form on the REACH website.
At present, the Cybersecurity Act of 2018 serves as the regulatory framework overseeing and managing national cybersecurity in Singapore. Since its implementation, however, the cyber threat landscape and business environment have undergone constant changes. Moreover, Singapore’s rapid digitalization positions it as among the most digitally connected countries globally. Consequently, new considerations for cybersecurity have emerged with regards to the stable management of connectivity, computing, and data storage.
Draft Singapore Cybersecurity Amendment Bill
The draft Cybersecurity (Amendment) Bill introduces comprehensive changes to enhance Singapore’s cybersecurity framework. Firstly, it aims to update existing laws related to Critical Information Infrastructure (CII) protection. This includes provisions to accommodate technological advancements, allowing CII owners to leverage new technologies like cloud services. Additionally, the amendments streamline the operationalization and administration of CII regulations, empowering the Commissioner of Cybersecurity with new authorities. These include the ability to grant time extensions and conduct onsite inspections to ensure compliance with the Act’s requirements.
Secondly, the Bill proposes an extension of the Commissioner of Cybersecurity’s oversight. This extension is designed to safeguard nationally significant computer systems, particularly during crucial periods.
Thirdly, the amendments address the need for greater situational awareness of cybersecurity threats to foundational digital infrastructure. This includes supporting the foundational digital infrastructure that underlies Singapore’s digital economy and way of life. The Commissioner is empowered to mandate baseline cybersecurity standards for this critical infrastructure, ensuring robust protection and resilience in the face of evolving cyber threats. These measures collectively reinforce Singapore’s commitment to cybersecurity, fostering trust and confidence in its digitalization efforts.
Scope of consultation
The provisions in the draft Amendment Bill aim to ensure that Singapore’s cybersecurity law continues to fulfil its function and cover new challenges in the rapidly changing cyber threat landscape.
Critical information infrastructure
Previously, only the Critical Information Infrastructure (CII) owned by the vendor was subject to liability. Compliance included having to submit specific information to the CSA, being subject to regular audits and risk assessments, participating in cybersecurity exercises and reporting incidents.
However, with the proposed amendments in the Bill, non-vendor-owned CIIs that use IT suppliers to provide essential services will also be protected and subject to development rights. Additionally, the Bill will address operational gaps in the Act, including clarifying that designated CIIs, even if located entirely overseas, will be bound by obligations under the Bill.
Core digital Infrastructure
These are critical digital infrastructure providers that provide services of a core nature in Singapore and will be appointed or directed by the Minister or Commissioner. These could be services that promote the availability, latency, or security of digital services in Singapore, which could result in disruption to a large number of businesses or organizations if attacked.
Entities with special cybersecurity interests
These are entities that are particularly attractive targets for malicious threats due to the sensitive data they possess, or the functions performed, which if compromised, can have an impact on national defense, foreign relations, the economy, public health, and the community.
Systems with temporary cyber security concerns
These are systems that are essential to Singapore for a limited time and are potentially at high risk of cyberattack during this period. Examples include systems specifically set up to support large-scale international events held in Singapore (e.g., World Economic Forum) or vaccine distribution during the COVID-19 pandemic.
Entities regulated under the Cyber Security Act will be required to comply with cyber security standards of practice, report cyber security incidents to the CSA, and comply with directions issued by the Commissioner to ensure cyber security for the specific IT systems they have.
As Singapore digitalizes, the risk of organizations falling victim to cyber-attacks increase. This Cyber Security Act update is important to ensure that the necessary protections are in place for the smooth and stabling operation of digital infrastructure and services, which are indispensable to business and investment.
The release of the consultation paper on the draft 2023 Cybersecurity Amendment Bill by the Cyber Security Agency of Singapore (CSA) marks a proactive step in addressing the evolving landscape of cyber threats. This proposed amendment aims to fortify Singapore’s cybersecurity framework established under the 2018 Cybersecurity Act.
Identifying core digital infrastructure providers and entities with specialized cybersecurity interests highlights a nuanced approach to safeguarding critical systems and sensitive data.
Additionally, recognizing systems with temporary cybersecurity concerns, such as those supporting large-scale events or emergency operations, demonstrates a forward-thinking strategy to address transient but high-risk scenarios.
The government’s intention behind the amendment bill is to reassure Singaporeans and businesspeople in the country that they can confidently embrace digitalization, by ensuring they are digitally safe.
ASEAN Briefing is produced by Dezan Shira & Associates. The firm assists foreign investors throughout Asia and maintains offices throughout ASEAN, including in Singapore, Hanoi, Ho Chi Minh City, and Da Nang in Vietnam, Munich, and Esen in Germany, Boston, and Salt Lake City in the United States, Milan, Conegliano, and Udine in Italy, in addition to Jakarta, and Batam in Indonesia. We also have partner firms in Malaysia, Bangladesh, the Philippines, and Thailand as well as our practices in China and India. Please contact us at email@example.com or visit our website at www.dezshira.com.
- Previous Article Incentives in Malaysia’s Special Economic Zones: A Guide for Businesses
- Next Article A Guide to HR Compliance in the Philippines