Noppasinw - Fotolia

New cyber security law in the offing for Singapore

Singapore government will table new Cyber Security Bill in 2017 to strengthen its online defences

Singapore’s minister for communications and information Yaacob Ibrahim told lawmakers that the country needs updated cyber laws, and that a new Cyber Security Bill will be tabled in Parliament in 2017. 

He said the proposed bill will ensure that operators take proactive steps to secure critical information infrastructure, as well as report incidents.

During a debate on the ministry’s budget on 11 April 2016, Yaacob said the legislation will also empower the relevant authorities to manage cyber incidents and raise the standards of cyber security providers in Singapore.

Yaacob, who is also minister-in-charge of cyber security, said the new law would complement the existing Computer Misuse and Cybersecurity Act (CMCA). The CMCA grants law enforcement agencies powers to investigate and apprehend those behind cyber crime.

“Cyber attacks have increased in sophistication, and attackers have become faster and bolder,” he said.

“It is inevitable that Singapore’s critical information infrastructure will become targets. The interconnectivity in our networks also means that the effects of cyber attacks can be contagious.

Yaacob pointed out that governments worldwide have been strengthening their cyber security legislation. He cited examples of Germany and the US, which have passed new laws to enforce minimum cyber security standards for critical infrastructure operators, as well as mandates the reporting of significant cyber security incidents.

“We need to likewise strengthen Singapore’s cyber security legislation. We will commence work on developing a standalone Cyber Security Act that provides for stronger and more proactive powers,” he said.

“We are stepping up our efforts to enhance our cyber security, and also the resilience of our infrastructure. This is the necessary foundation for a successful digital economy.”

Read more about cyber security in the Asean region

“Governments and industry must collaboratively build a robust and automated information sharing architecture that is capable of turning threat indicators into widely distributed security protections in near real time,” said Sean Duca, vice-president, regional chief security officer Asia-Pacific at Palo Alto Networks, commenting on Singapore’s proposed new cyber security bill.

“The Singapore Government and other government across Asia-Pacific should ensure that there are responsible privacy protections in place, for the purpose of identifying, preventing, mitigating and responding to cyber threats, vulnerabilities and malicious campaigns,” he said.

“The faster organisations can share this information, the better we can serve to protect each other and push the cost back to the adversary. Laws should not unduly prohibit the sharing of personal information that is necessary to identify and prevent attacks.” 

Cathy Huang, research manager at IDC, said: “The government’s proposition to introduce a new cyber security law in Singapore is a standard progressive step. It is heartening to see that a new legislation will strengthen the existing cyber security laws.”

“One significant proposal is the mandated reporting of cyber threat incidents in both the public and private sectors. This is critical. Unless information on security breaches is made public, which helps to create the basis to calculate the cost of a cyber breach, devising ways to secure systems will always fall short,” she said.

Read more on Hackers and cybercrime prevention