Out-Law News 1 min. read

Singapore Government strengthens cyber attack prevention laws


The government in Singapore will be able to compel businesses to take action in order to prevent cyber attacks on computer systems in certain circumstances after amendments were made to the country's computer misuse laws.

Under the Computer Misuse and Cybersecurity Act (10-page / 57KB PDF), Singapore's Minister of Home Affairs will be able to order any organisation or person to "take such measures or comply with such requirements as may be necessary to prevent, detect or counter any threat to a computer or computer service or any class of computers or computer services" when they are "satisfied that it is necessary for the purposes of preventing, detecting or countering any threat to the national security, essential services or defence of Singapore or foreign relations of Singapore".

'Essential services' is defined as either "services directly related to communications infrastructure, banking and finance, public utilities, public transportation, land transport infrastructure, aviation, shipping, or public key infrastructure", or "emergency services such as police, civil defence or health services", under the Act.

The amended law has been drafted in such a way as to give widespread scope to the minister over the actions it can order businesses to undertake, but the law also contains examples of the kind of measures that could be imposed.

Businesses may be ordered to provide officials with information that could be used to "identify, detect or counter" the threat of cyber attacks, such as details of the design or security of computer systems they operate.

Businesses may also be required to give officials access to "real-time information" recorded on their systems in order to "identify, detect or counter" a threat. In addition, they could also be required to provide officials with details of any breach or attempted breach of their systems.

Individuals who, without a "reasonable excuse", fail to comply with a ministerial order under the Act, or who obstruct others from complying with any order, could face imprisonment for up to 10 years and a fine of up to SIN$50,000 (£25,000).

The amendments were first proposed in November. At the time Singapore's Ministry of Home Affairs said that they were being sought "in view of the increasing prevalence of cyber threats". The changes would, it claimed, make Singapore's critical information infrastructure' (CII) "robust and resilient against cyber attacks ... in line with similar moves by other countries".

"Cyber attacks worldwide have increased in frequency, speed and sophistication," the Ministry said in November. "They are difficult to detect, and often occur without early warning. Prompt and effective action must be taken to avert such threats well before they endanger our CII."

We are processing your request. \n Thank you for your patience. An error occurred. This could be due to inactivity on the page - please try again.