Getting your Trinity Audio player ready...
|
In the dynamic landscape of global cybersecurity, where threats evolve incessantly and technology advances at a rapid pace, nations must continuously fortify their digital defences to safeguard critical infrastructure and national interests. Recognising the paramount importance of cybersecurity in the digital age, the Cyber Security Agency of Singapore (CSA) has embarked on a journey to bolster the nation’s cyber resilience through proposed amendments to the Cybersecurity Act 2018.
The Cybersecurity Act, enacted in August 2018, has been instrumental in establishing a robust legal framework for the oversight and maintenance of national cybersecurity in Singapore. Now, for the first time since its inception, the Act is set to undergo significant revisions, signalling Singapore’s unwavering commitment to staying ahead of emerging cyber threats and technological shifts.
At the forefront of these proposed amendments is the Cybersecurity (Amendment) Bill, which was presented in Parliament on April 3, 2024. The bill aims to modernise the existing legislative framework to align with the evolving cyber threat landscape and the country’s advancing technological operating context.
Minister for Communications and Information, Mrs Josephine Teo, underscored the urgency of these updates during the Committee of Supply Debate 2024, emphasising the critical role of cybersecurity in safeguarding the digital infrastructure and services that underpin Singapore’s digital economy.
The proposed amendments encompass a multifaceted approach to enhancing Singapore’s cyber resilience. One of the key provisions is the expansion of CSA’s oversight beyond Critical Information Infrastructure (CII) to encompass Systems of Temporary Cybersecurity Concern (STCCs). This expansion reflects the recognition that certain systems may be at heightened risk of cyberattacks during temporary events or circumstances, necessitating proactive cybersecurity measures to mitigate potential disruptions.
Furthermore, the proposed amendments introduce two new classes of regulated entities: Entities of Special Cybersecurity Interest (ESCI) and Foundational Digital Infrastructure (FDI). ESCIs, which include organisations holding sensitive information or performing critical functions of national interest, will be subject to tailored cybersecurity regulations to mitigate risks associated with their operations.
Similarly, companies providing foundational digital infrastructure services, such as cloud service providers and data centres, will bear cybersecurity responsibilities commensurate with their pivotal role in Singapore’s digital ecosystem.
A cornerstone of the proposed amendments is the reinforcement of cybersecurity obligations for owners of Critical Information Infrastructure (CII). Despite embracing new technological and business models, such as cloud computing, CII owners will remain responsible for the cybersecurity and cyber resilience of their systems. The bill mandates broader incident reporting requirements for CII owners, encompassing incidents within their supply chains. This holistic approach aims to enhance CSA’s situational awareness and facilitate proactive cybersecurity measures to safeguard essential services.
In addition to legislative revisions, CSA has prioritised stakeholder engagement and consultation throughout the amendment process. Extensive consultations, initiated in 2022, solicited feedback from diverse stakeholders, including industry experts, government agencies, and the public. Public feedback sessions conducted through the REACH website between December 15, 2023, and January 15, 2024, provided valuable insights that were diligently considered and integrated into the proposed amendments.
Beyond regulatory enhancements, CSA has leveraged technological innovations to bolster Singapore’s cyber resilience. Notably, remote sensing satellites have been employed to gather precise data on water quality, enabling comprehensive monitoring of water resources and coastal environments. Additionally, ongoing efforts to enhance the SEKAR national database, which houses various scientific collections, underscore Singapore’s commitment to leveraging technology for biodiversity conservation and environmental stewardship.
As Singapore navigates the complexities of the digital age, the proposed amendments to the Cybersecurity Act 2018 stand as a testament to the nation’s proactive approach to cybersecurity governance. By fostering collaboration, embracing innovation, and fortifying regulatory frameworks, Singapore is poised to strengthen its cyber resilience and emerge as a global leader in cybersecurity.