Singapore is creating amendments to its Cybersecurity Act. With businesses relying more on cloud computing and individuals engaging in online activities, the proposed amendments are essential to protect Singapore’s digital infrastructure. Cloud and data center operators need to follow the new rule. With these amendments, the government wants to enhance cybersecurity and extend oversight beyond critical information infrastructure (CII) owners, such as banking, telecommunications, and energy companies.
“Our ability to function has become increasingly dependent on the good functioning of the digital infrastructure that underpins this connectivity. Disruptions to the functioning of digital infrastructure can also have a significant impact, given the potentially pervasive knock-on impact on the services that rely on them.” said the Cyber Security Agency of Singapore (CSA) in their consultation paper seeking public feedback on these proposed amendments.
Digital infrastructure players such as Equinix, Microsoft, Google, and Amazon Web Services may fall under the purview of the amended legislation, especially if they hold a substantial market share here. The objective is to prevent service disruptions caused by malicious cyber attacks. Organizations included in the Act may be obligated to report cyber attacks promptly or adhere to specified safety standards and will get penalties if they do not comply.
The one-month consultation period, ending on January 15, marks the initial review of the five-year-old Cybersecurity Act. Institutions collaborating on joint projects with the Singapore Government may also come under the amended law, considering their potential vulnerability to cyber attacks. The cyberattacks on them could have severe implications for defense, foreign relations, the economy, public health, safety, and order.
Systems established temporarily for international events and crisis response, such as the World Economic Forum or vaccine distribution during the COVID-19 pandemic, will also come under the Bill. Owners of these systems must adhere to CII-like rules for a specified period, with penalties for non-compliance.
The CSA proposes amendments to combat scams as part of the broader cybersecurity strategy. The unauthorized use of CSA symbols for fraudulent activities will be prohibited.
“In recent times, CSA has received reports of unauthorised persons claiming to represent CSA in order to carry out scams against members of the public,” said CSA.
