By Nurdianah Md Nur
July 11, 2017
Singapore is seeking public feedback on the proposed cybersecurity bill that will enable the Cyber Security Agency of Singapore (CSA) to take a more proactive and holistic approach to tackle cyberthreats.
The proposed bill has four objectives.
Firstly, it will provide a framework for the regulation of Critical Information Infrastructure (CIIs) owners. According to the CSA, attacks on CIIs such as utility plants, transportation networks and hospitals are growing globally, and they cause significant financial losses and disruptions to daily lives.
As such the bill aims to formalise and clearly define the duties of CII owners in ensuring the cybersecurity of CIIs under their responsibility, even before a cybersecurity incident occurs. It will also empower sector leads to raise the level of cybersecurity within their own sectors.
Secondly, the bill aims to provide CSA with powers to manage and respond to cybersecurity threats and incidents. Specific powers will be vested in CSA officers as sitting powers, allowing them to deal with cybersecurity threats and incidents quickly.
As information sharing is key to cybersecurity, the bill will also establish a framework allowing CSA officers to receive and share information with relevant parties for the purpose of preventing, detecting, countering or investigating any cybersecurity threat or incident.
Finally, the bill will introduce a lighter-touch licensing framework for the regulation of selected cybersecurity service providers. For instance, the bill proposes licensing for the provision of penetration testing and managed security operations centre (SOC) services. This aims to help provide greater assurance to customers of cybersecurity services, address information asymmetry in the industry, as well as improve the standards of cybersecurity service providers and professionals.
Commenting on the bill, Daryl Pereira, head of Cyber Security at KPMG in Singapore, said: "Small medium enterprises (SMEs) and sectors such as healthcare have traditionally had less attention and investment into cybersecurity as compared to the banking sector. As a result, we are seeing more instances of cyber-attackers targeting CII such as healthcare providers and hospitals. This cybersecurity bill will help to form a strong foundation for Singapore to transform itself into a digital economy, powered by innovation and enabled by cybersecurity readiness."
David Siah, country manager of Trend Micro Singapore, added: "The new cybersecurity bill is timely given the major ransomware attacks that have occurred over the first half of the year. Following the shift in mentality comes the call to action in outlining cybersecurity policies. As the bill lays bare what the industry needs to do, we hope it can ease the anxiety surrounding cyberattacks, decode how we can tackle the issue better, and herald a new spring for the cybersecurity industry in Singapore."