Darryl David on Cybersecurity (Amendment) Bill
Under the proposed amendment to the Cybersecurity (Amendment) Bill, Critical Information Infrastructure (CII) owners remain responsible for the cybersecurity and resilience of the CII and they are now required to report more types of cyber incidents, including those targeting their supply chains and peripheral systems that have been outsourced and offshored.

How would the Government, in cases where systems are owned by overseas vendors or suppliers, support owners of CII to exercise oversight on these overseas vendors and suppliers, especially when these vendors and suppliers are not obliged by their own local laws to disclose instances of cyber incidents to CII owners in Singapore? MP Darryl David raised this question in Parliament on Tuesday (May 7). He also asked the Government to elaborate on how the Cyber Security Agency (CSA) will work with CII owners and possibly their overseas suppliers and vendors to secure their systems.

He also highlighted that one of the specific amendments in the Bill is to allow the CSA to exercise oversight on Systems of Temporary Cybersecurity Concern (STCCs), and proactively secure STCCs to ensure the cybersecurity of their systems.

Under the current Government procurement framework with an open tender system, he said that potential STCC vendors might find it difficult to meet tender specifications within the tender period as they would have to include an extended elaboration on cybersecurity requirements. This is especially so if the procurement of services is on an urgent basis. He asked if the Government would consider setting up a whitelist of STCC vendors in such instances and help them secure their systems ahead of time, as well as appoint them directly for future joint projects without a public tender.