Out-Law / Your Daily Need-To-Know

Singapore proposes stringent cybersecurity rules

11 Jul 2017, 11:06 am

All security breaches affecting critical information infrastructure (CII) in Singapore would have to be reported by the infrastructure's operators under proposed new cybersecurity laws that have been published.

CII would also be subject to regular audits, and operators would be obliged to conduct regular risk assessments, under the draft cybersecurity bill.

The maximum penalty for a CII operator in breach of the new rules would be SIN$100,000 ($72,000) or up to two years in prison.

Cybersecurity service providers in Singapore would also be subject to a new licensing regime under the new proposals, including businesses that help investigate cyber attacks. Vendors without a licence could be fined up to SIN$50,000 ($36,000) or imprisoned for up to two years.

Banking and privacy rules on sharing confidential information would be superseded by the cybersecurity bill.

"As a small nation with one of the highest levels of digital connectivity in the world, a major cyber-attack, especially if our CIIs are affected, will have significant impact on Singapore and our people," the Ministry of Communications and Information (MCI) and the Cyber Security Agency of Singapore (CSA) said.

Technology law specialist Bryan Tan of Pinsent Masons MPillay, the Singapore joint venture partner of Pinsent Masons, the law firm behind Out-Law.com, said: "There is useful specificity in the bill on the categories of critical information infrastructure as well as the expected duties of CII owners. This helps organisations clearly identify their obligations."

"The question remains whether their suppliers will be made to adhere to these standards as well. In addition, the regulation of the burgeoning cybersecurity industry is useful for accountability and to give potential customers the confidence to obtain cybersecurity services," Tan said.

Awareness of the threat of cybersecurity has been rising in Singapore, and the market for cybersecurity in Singapore could grow by as much as 50% over 2017, according to research by AIG Singapore.

Businesses are becoming more aware of the reputational and financial risks of cyber breaches, particularly as Singapore increases its moves to become a Smart Nation with interconnected technology and increased automation, AIG Singapore said.