Yaacob Ibrahim, minister for communications and information told a cybersecurity conference this week that the government has consulted with stakeholders including sector leads, potential critical information infrastructure (CII) owners, and the wider industry, and extended the public consultation period in response to interest in the legislation.
Technology law expert Bryan Tan of Pinsent Masons MPillay, the Singapore joint venture partner of Pinsent Masons, the law firm behind Out-Law.com, said: "While the delay allows the various stakeholders more time to consider the issues, the cybersecurity threat is an ever-present danger and organisations should remain on their guard and harden their digital defences even as the legislation makes its passage."
Under the under proposed bill all security breaches affecting critical information infrastructure (CII) in Singapore would have to be reported by the infrastructure's operators.
CII would also be subject to regular audits, and operators would be obliged to conduct regular risk assessments, under the draft cybersecurity bill. The maximum penalty for a CII operator in breach of the new rules would be SIN$100,000 ($72,000) or up to two years in prison.
Yaacob also announced that Singapore plans to spend SIN$1.5 million ($1.1 million) over the next three years to improve cybersecurity skills across the Association of Southeast Asian Nations (ASEAN) region.
The money will be made available from the SIN$10m ($7.4m) Asean Cyber Capacity Building Programme (ACCP), he said.
The Cyber Security Agency of Singapore (CSA) will also sign a memorandum of understanding (MOU) with Information Systems Audit and Control Association (ISACA), a professional body with members in 188 countries, Yaacob said. The collaboration will help to build a pool of cybersecurity experts, he said.
CSA and the Infocomm Media Development Authority (IMDA) have also established partnerships with PwC Singapore and PCS Security to train professionals with ICT or engineering disciplines to take on cybersecurity job roles, he said.
Other ASEAN members Indonesia and Malaysia have recently been working on their own cybersecurity skills, Yaacob said.
"We should continue stepping up similar efforts within each of our countries, so that we can collectively create a safer and trusted cyberspace, and combat cyber threats with better capabilities," Yaacob said.