New law will require owners of critical services to report wider range of cybersecurity incidents

Singapore’s parliament approved a bill on Tuesday ( May 7 ) that will allow for the accounting of technological changes while strengthening Singapore’s cybersecurity defenses.

Owners of critical information infrastructure ( CII ) are now required to report more incidents, including those that occur in their supply chains, as per new regulations in the Cybersecurity Act.

This is to target the “inventiveness” of destructive computer stars, said Senior Minister of State for Communications and Information Janil Puthucheary.

We may start setting warnings there as malicious actors ‘ methods and tactics change to target systems along supply chains or on the edge, he added.

Authorities will be able to regulate a new system called Systems of Temporary Cybersecurity Concern (STCC ) in accordance with the new law. These are systems that, for a time- minimal time, are at higher risk of cyberattacks, and if compromised, would harm Singapore’s regional interests.

Beyond its current regulatory framework, the Cyber Security Agency of Singapore ( CSA ) will now be able to manage businesses. Companies with a Special Cybersecurity Attention ( ESCI) are among them. &nbsp,

Attacks on ESCIs could have a” major harmful effect” on Singapore’s defence, international relations, economy, public health, people safety, or open order, because of the disruption of the work they perform, or the disclosure of sensitive information their computer devices contain, explained Dr Janil.

He warned against making the specific list of entities designated as ESCIs public, in order to avoid accidentally disclosing that they are “worthy targets” for malicious actors.

A CII will now be able to support an important service from abroad, as well as CSA. With the new changes, CSA can designate and regulate these computer systems as long as their owners reside in Singapore, and such computers would have been treated as such CIIs if they had been based there.

Tabling the Bill for a second reading, Dr Janil said that it aims to tackle” shifts in the operating context” in cybersecurity, and strengthen the administration of the Act to address “operational challenges” CSA has faced.

The Cybersecurity Act has been in effect for six years. Today, the main objectives are still relevant. We’ve reviewed the Act, learning from our experiences, and taking into account changes in technology”, he explained.

” In order to continue to ensure Singapore’s cybersecurity, a review and an update to the Act is needed as several aspects of our operating context have changed”.