Janil Puthucheary on Cybersecurity (Amendment) Bill
Singapore is making a “major update” to its Cybersecurity Act, given the significant shifts in the digital domain, said Senior Minister of State for Communications and Information Janil Puthucheary. The Act will have the power to keep pace with developments in technology and business practices and respond to evolving challenges in the cyber threat landscape, he said in Parliament on Tuesday (May 7). This means extending regulatory oversight to other important systems and entities, and using a risk-based approach to regulate entities for cybersecurity and administer the Act more effectively. These changes will strengthen Singapore’s national cybersecurity and increase trust in using online services, said Dr Janil.
A key provision involves Critical Information Infrastructure (CII). Dr Janil said regulating CIIs is no longer sufficient and it is vital to update cybersecurity laws to stay ahead of the curve. He pointed out that the 2018 Act was developed to regulate CIIs as physical systems, but new technology and business models have emerged. Hence, CIIs need to be better regulated to ensure that they continue to be secure and resilient against cyber threats, whatever technology or business model they run on. Under the Bill, the meaning of computer and computer system in specified portions will include virtual computers and virtual computer systems. The new definition will make clear that the CII owner is responsible for the cybersecurity of its virtualised CII.
Another provision deals with essential services from overseas. CIIs that are wholly located outside of Singapore can be designated and regulated so long as the owners are in Singapore and the computer system would have been designated as a CII under the law had it been located wholly or partly in Singapore.
The law will also be updated to address malicious cyber actors who target systems at the periphery or along supply chains. Dr Janil said Singapore must start “placing our alarms” at these places. The Bill will require CII owners to additionally report incidents that affect computers that interconnect or communicate with the CII.
The Government also wants to expand the Act to regulate a new category, Systems of Temporary Cybersecurity Concern. This covers the cybersecurity of ICT systems that, for a time-limited period, are at high risk of cyberattacks and, if compromised, would have a serious detrimental effect on Singapore's national interests. Provisions will also be introduced to cover new entities that could be attractive targets for malicious threat actors. These are Entities of Special Cybersecurity Interest, such as universities.
Dr Janil told the House that the Bill is calibrated to address the risks to the nation, economy and Singapore’s way of life while balancing the compliance costs. He added that the Government will continue to refine its approach in consultation with stakeholders and consider new international practices as they emerge.