Amidst growing concerns about data privacy and security across a rapidly digitising world, Singapore has today taken a major step to allay these fears, and crack the whip on cybercrime, by setting in motion the process to make some necessary amendments to update and modernise the existing laws pertaining to cyber security so that they keep up with changes in technology.
The Cyber Security Agency of Singapore (CSA) has launched a public consultation to seek feedback on the Cybersecurity (Amendment) Bill. The public consultation will commence today and end on 15 January 2024.
In a statement, CSA explained the rationale behind the move saying, “The Cybersecurity Act 2018 sets out the legal framework for the oversight and maintenance of national cybersecurity in Singapore. Since then, the technological landscape has shifted. Businesses are adopting new technological tools and business models, such as cloud computing, and are increasingly engaging vendors or other third-party service providers in the supply chain.”
It further said, “For individuals, a growing proportion of work and our daily lives now take place online. Cybersecurity is thus more critical than ever. The Cybersecurity (Amendment) Bill seeks to ensure that Singapore’s cybersecurity laws remain fit-for-purpose, and can address the emerging challenges in cyberspace.”
This is significant given how Singapore is a shining beacon of digital transformation in the Asia Pacific, and a hub of the Cloud and Data Center industry in the region. Singapore has over 70 data centers operated by some of the biggest global and regional players such as Amazon Web Services (AWS), Facebook, Google, Microsoft, NTT Data, STT GDC, Singtel, BDx, Digital Realty, Equinix, among others. Moreover, given how Singapore is also a nerve center of banking and finance, there is a need to ensure that critical and personal information remains protected from cyber criminals.
“As Singapore digitalises, there is an increased risk of organisations falling victim to cyber-attacks. This update of the Cybersecurity Act is important to ensure that the necessary safeguards are put in place for the digital infrastructure and services that we use. This way, Singaporeans and businesses can embrace digitalisation with confidence, knowing that they are safe and secure in the digital domain. We welcome feedback from all interested parties to help shape the Act and better protect Singaporeans and our businesses,” said David Koh, Commissioner of Cybersecurity and Chief Executive of CSA.
In 2021, hackers had attacked and tried to obtain login credentials for several customer service portals operated by ST Telemedia Global Data Centers (STT GDC). However, after conducting an internal investigation, STT GDC told Channel News Asia in February 2023, that there was “no data loss or impact to any of these customer service portals.”
In the statement, CSA explained the scope of the consultation saying that the amendments planned were needed to update “existing laws pertaining to the protection of critical information infrastructure (CII)” and that in fact, they needed to look beyond just CIIs. “To this end, it is proposed that the regulatory oversight of the Commissioner of Cybersecurity be extended to nationally important computer systems that face heightened risks during crucial periods, as well as entities of special cybersecurity interest, as breaches of such organisations could have detrimental implications for the defence, foreign relations, economy, public health, public safety, or public order of Singapore,” said CSA.
It further said that it intended to update regulations to “provide the Commissioner of Cybersecurity with greater situational awareness such that there is early and timely information on the cybersecurity vulnerabilities, threats, and incidents that affect CIIs, and other identified systems and infrastructure.” CSA also said, “Entities regulated under the Cybersecurity Act will be required to adhere to cybersecurity standards of practice, report cybersecurity incidents to CSA, and comply with directions issued by the Commissioner to ensure the cybersecurity of specific computer systems under their charge.”