Cyber Security Practitioner
Back to Contents

Volume: 3 Issue: 7
(July 2017)

singapore releases proposed new cybersecurity bill singapores ministry communications information cyber security agency (‘cs singapore published 10 july 2017 proposed


Share This Page

Singapore releases proposed new Cybersecurity Bill

Singapore’s Ministry of Communications and Information and the Cyber Security Agency (‘CSA’) of Singapore published on 10 July 2017 a proposed Cybersecurity Bill for public consultation, which is intended to establish a framework for the oversight and maintenance of national cyber security and empower the CSA to carry out its functions, as well as minimise the risk of cyber threats. The proposed Bill has four objectives: to provide a framework for the regulation of critical information infrastructure (‘CII’), to provide the CSA with powers to manage and respond to cyber threats and incidents, to establish a framework for the sharing of cyber security information, and to introduce a ‘lighter-touch’ licensing process for the regulation of selected cyber security service providers, which would include licensing the provision of penetration testing and managed security operations centre services.

“Against the backdrop of proliferating cyber incidents globally and locally, it is imperative that we take a more pro-active and holistic approach to strengthen our resilience against cyber-attacks, especially for CIIs. New cybersecurity legislation is needed so that we can take pro-active measures to protect our CIIs, respond expediently to cyber threats and incidents and facilitate sharing of cybersecurity information across critical sectors,” stated the CSA’s press release. The recent advanced persistent threat attacks targeting two Singaporean universities and the global WannaCry and Petya attacks are described by the CSA as being stark reminders of Singapore’s vulnerability to cyber threats.

“The key is to achieve a balance between ensuring cyber security and making sure that the obligations (e.g. participation in cyber security exercises, sharing of certain information) imposed on the CII owners are not overly onerous,” said Andrew Stott, Managing Partner at CMS Cameron McKenna Nabarro Olswang LLP. The proposed Bill sets out the duties that would be placed on the owners of CII in regards to cyber security and provides a list of the ‘essential services’ that would fall within the definition of CII, which include energy, information communications and banking.

The proposal to introduce a licensing process for the regulation of selected cyber security service providers aims to help provide greater assurance to consumers of cyber security services, address information asymmetry and improve the standards of cyber security service providers and professionals. “Arguably, the Bill will not be overly burdensome for businesses in Singapore,” said Lim Chong Kin, Head of Telecommunications, Media and Technology at Drew and Napier LLC. “It is intended that the proposed licensing requirements and registration procedures for cyber security professionals under the Bill will be made as simple as possible, with licence fees kept low.”

According to the consultation document the Singapore Government had considered introducing cyber security requirements by amending each sector’s legislation, but concluded that this approach would be a long and tedious process, and it may not achieve the desired outcome of a consistent cyber security framework applied across all sectors. It was also stated that a sector specific approach would not allow for a common national definition of the cyber security threat and CII. The consultation runs until 3 August 2017.

Search Publication Archives

Our publication archives contain all of our articles.
Can’t find what you are looking for?
Try an Advanced Search

Log in to cyber security practitioner
Subscribe to cyber security practitioner
Register for a Free Trial to cyber security practitioner
cyber security practitioner Pricing

Social Media

Follow cyber security practitioner on TwitterView cyber security practitioner LinkedIn Profilecyber security practitioner RSS Feed