Singapore has unveiled the first draft of a proposed cybersecurity bill, which aims to provide a framework to monitor and manage the country’s cybersecurity wellbeing and empower authorities to carry out their functions.
New legislation was necessary to enable the relevant authorities to take proactive measures to protect local critical information infrastructures (CIIs) and swiftly respond to threats and incidents.
The new laws also would facilitate information sharing across critical sectors, said Singapore’s Ministry of Communications and Information (MCI) and Cyber Security Agency (CSA), in a joint statement Monday.
Because the country was one of the world’s most digitally connected, serious cyberattacks would have significant impact if its CIIs were affected, they said, noting that the government had set up the CSA in April 2015 as well as unveiled a national cybersecurity strategy in moves to beef up Singapore’s security posture.
Pointing to growing cyberattacks, which also were increasingly sophisticated and damaging, they added that the recent WannaCry and Petya malware attacks were “stark reminders of Singapore’s vulnerability” to cyber threats. Furthermore, attacks worldwide had targeted utility plants, transportation networks, healthcare institutions, and other essential services, stressing the need to safeguard Singapore’s CIIs.
The proposed cybersecurity bill aimed to establish a framework to help monitor and manage national cybersecurity efforts as well as empower CSA to carry out its functions, according to the statement.
Amongst the bill’s key components was a regulatory framework targeted at CII owners, which formalised the duties of such providers in securing systems under their responsibility, including before a cybersecurity incident had occurred. The bill would detail CII owners’ responsibilities, which would include providing information on the technical architecture of the CII, carrying out regular risk assessments of the CII, complying with codes of practice, and reporting cybersecurity incidents.
The bill also would provide “specific powers” to CSA officers so they could more quickly deal with cybersecurity threats. The new laws also would offer a framework to facilitate the sharing of information with and by CSA officers, for the purpose of “preventing, detecting, countering or investigating” cybersecurity threats or incidents.
In addition, the bill would introduce a licensing model for the regulation of selected cybersecurity services providers, including those that offered penetration testing as well as managed security operations centre (SOC) services. According to the proposed bill, “no person [may] carry out or perform licensable investigative cybersecurity service without license”.
Commenting on the proposed bill, KPMG in Singapore’s cybersecurity head Daryl Pereira said its focus on CII aimed to “level the playing field and raise the maturity and preparedness” of all industries in the country.
Pereira noted that small and midsize businesses and sectors such as healthcare traditionally invested less money and attention into cybersecurity, compared to industries such as banking. This had prompted more attackers to target CIIs such as hospitals.
Singapore’s cybersecurity bill, hence, would increase local cybersecurity readiness and establish a robust foundation for Singapore to become a digital economy, he said.
David Siah, Trend Micro’s Singapore country manager, added: “The new cybersecurity bill is timely given the major ransomware attacks that have occurred over the first half of the year. These attacks–vicious and contagious in nature–have served as a wakeup call across nations and organisations alike.
“The new proposals place greater emphasis on CII-related sectors such as transport, energy, and healthcare, [which are] important sectors for smart city development. As the bill lays bare what the industry needs to do, we hope it can ease the anxiety surrounding cyberattacks, decode how we can tackle the issue better, and herald a new spring for the cybersecurity industry in Singapore.”
Public feedback on the proposed bill should be submitted to CSA by August 3, 2017.
Source: ZDNet