Suggestions have been invited from the public on the proposed Cybersecurity Bill to strengthen cybersecurity in Singapore. The public consultation exercise has started from today and will continue till August 3.
The proposed new law will override existing laws, such as Banking Secrecy Act, and establish a framework to manage cyber security in Singapore as well as allow the Cyber Security Agency (CSA) to carry out its functions.
The Bill will also provide CSA with powers to manage and respond to cybersecurity threats and incidents.
It will also establish a framework for the sharing of cybersecurity information with and by CSA officers, and the protection of such information. CSA officers will be able to receive and share information with relevant parties, for the purpose of preventing, detecting, countering or investigating any cybersecurity threat or incident.
Stressing the need for sprucing up the cybersecurity landscape through a press release, CSA said, “Cyber-attacks are getting increasingly frequent, sophisticated and impactful. Globally, we have also seen a surge in the number of cybersecurity incidents, such as ransomware, cyber theft, banking fraud, cyber espionage and disruptions to Internet services. In Singapore, the recent Advanced Persistent Threat (APT) attacks targeting two of our universities, and the occurrence of the global WannaCry and Petya/Petna malware attacks which also reached our shores, serve as stark reminders of Singapore’s vulnerability to cyber threats.”
It added, “Around the world, attacks on systems that run utility plants, transportation networks, hospitals and other essential services are growing. Successful attacks can and have resulted in significant financial losses and disruptions to daily lives. Hence, the protection of our Critical Information Infrastructure (CIIs) which are necessary for the continuous delivery of Singapore’s essential services is a cornerstone of the proposed Bill.”
Owners of critical information infrastructure (CII), defined as computer systems necessary for the continuous delivery of essential services, will have certain statutory duties, such as reporting cyber-attacks involving the CIIs, as well as carrying out audits, risk assessments and participating in cyber security exercises.
It added, “New cybersecurity legislation is needed so that we can take pro-active measures to protect our CIIs, respond expediently to cyber threats and incidents and facilitate sharing of cybersecurity information across critical sectors.”
The proposed cybersecurity bill has the objective to provide a framework for the regulation of CII owners (CIIOs). It formalises the duties of CIIOs in ensuring the cybersecurity of CIIs under their responsibility, even before a cybersecurity incident has occurred. The CIIOs’ responsibilities in protecting their respective CIIs will be spelt out, and the Act will also empower sector leads to raise the level of cybersecurity within their own sectors.
The Bill also proposes licensing the provision of penetration testing and managed security operations centre (SOC) services. The proposed licensing framework aims to help provide greater assurance of safety and security to consumers of cybersecurity services, address information asymmetry in the industry and provide for improving the standards of cybersecurity service providers and professionals.
The public consultation paper and procedures for submission of feedback are available on the REACH public consultation portal at www.reach.gov.sg and CSA’s website at www.csa.gov.sg from today. Public may provide feedback to csa_cs_bill_feedback@csa.gov.sg