Singapore has released its first draft of a proposed cybersecurity bill, which aims to provide a framework to monitor and manage the country’s cybersecurity wellbeing and empower authorities to carry out their functions.
Government officials say the new laws are necessary to take proactive measures to protect local critical information infrastructures and swiftly respond to threats and incidents.
The new laws would facilitate information sharing across critical sectors as well as help to monitor and manage national cybersecurity efforts and empower the Cyber Security Agency (CSA) to carry out its functions.
Among the bill’s key components was a regulatory framework targeted at CII owners, which formalized the duties of such providers in securing systems under their responsibility, including before a cybersecurity had occurred. The bill would detail CII owners’ responsibilities, which would include providing information on the technical architecture of the CII, carrying out regular risk assessments of the CII, complying with codes of practice, reporting of cybersecurity incidents.
The bill also would provide “specific powers” to CSA officers so they could more quickly deal with cybersecurity threats. The new laws also would offer a framework to facilitate the sharing of information with and by CSA officers, for the purpose of “preventing, detecting, countering or investigating” cybersecurity threats or incidents.
The bill would also introduce a licensing model for the regulation of selected cybersecurity services providers, including those that offered penetration testing as well as managed security operations centre (SOC) services. According to the proposed bill, “no person [may] carry out or perform licensable investigative cybersecurity service without license”.