Singapore has unveiled the first draft of a proposed cybersecurity law, which aims to provide a framework to monitor and manage the country’s cybersecurity wellbeing and empower authorities to carry out their functions.
New legislations were necessary to enable the relevant authorities to take proactive measures to protect local critical information infrastructures (CIIs) and swiftly respond to threats and incidents. The new laws also would facilitate information sharing across critical sectors, said Singapore’s Ministry of Communications and Information (MCI) and Cyber Security Agency (CSA), in a joint statement Monday.
Because the country was one of the world’s most digital connected, serious cyberattacks would have significant impact of its CIIs were affected, they said, noting that the government had set up the CSA in April 2015 as well as unveiled a national cybersecurity strategy in moves to beef up Singapore’s security posture.
Pointing to growing cyberattacks, which also were increasingly sophisticated and damaging, they added that the recent WananCrya and Petya malware attacks were “stark reminders of Singapore’s vulnerability” to cyber threats. Furthermore, attacks worldwide had targeted utility plants, transportation networks, healthcare institutions, and other essential services, stressing the need to safeguard Singapore’s CIIs.
The proposed cybersecurity bill aimed to establish a framework to help monitor and manage national cybersecurity efforts as well as empower CSA to carry out its functions, according to the statement.
Amongst the bill’s key components was a regulatory framework targeted at CII owners, which formalised the duties of such providers in securing systems under their responsibility, including before a cybersecurity had occurred. The bill would detail CII owners’ responsibilities, which would include providing information on the technical architecture of the CII, carrying out regular risk assessments of the CII, complying with codes of practice, reporting of cybersecurity incidents.
The bill also would provide “specific powers” to CSA officers so they could more quickly deal with cybersecurity threats. The new laws also would offer a framework to facilitate the sharing of information with and by CSA officers, for the purpose of “preventing, detecting, countering or investigating” cybersecurity threats or incidents.
In addition, the bill would introduce a licensing model for the regulation of selected cybersecurity services providers, including those that offered penetration testing as well as managed security operations centre (SOC) services. According to the proposed bill, “no person [may] carry out or perform licensable investigative cybersecurity service without license”.
Commenting on the proposed bill, KPMG in Singapore’s cybersecurity head Daryl Pereira said its focus on CII aimed to “level the playing field and raise the maturity and preparedness” of all industries in the country.
Pereira noted that small and midsize businesses and sectors such as healthcare traditionally invested less money and attention into cybersecurity, compared to industries such as banking. This had prompted more attackers to target CIIs such as hospitals.
Singapore’s cybersecurity bill, hence, would increase local cybersecurity readiness and establish a robust foundation for Singapore to become a digital economy, he said.
David Siah, Trend Micro’s Singapore country manager, adde: “The new cybersecurity bill is timely given the major ransomware attacks that have occurred over the first half of the year. These attacks–vicious and contagious in nature–have served as a wakeup call across nations and organisations alike.
“The new proposals place greater emphasis on CII-related sectors such as transport, energy, and healthcare, [which are] important sectors for smart city development. As the bill lays bare what the industry needs to do, we hope it can ease the anxiety surrounding cyberattacks, decode how we can tackle the issue better, and herald a new spring for the cybersecurity industry in Singapore.”
Public feedback on the proposed bill should be submitted to CSA by August 3, 2017.
SINGAPORE TO COLLABORATE WITH GERMANY IN CYBERSECURITY
In a separate announcement, CSA said it had inked a joint declaration with Germany to boost cybersecurity collaboration between both countries.
This encompassed cooperation in areas such as joint training and research, sharing of best practices, and regular information sharing. Both nations also pledged to promote voluntary norms of responsible state behaviour in cyberspace.
By: Eileen Yu for By the Way, July 10, 2017
Photo credit: Bloomberg
Orginally posted at: http://www.zdnet.com/article/singapore-unveils-first-look-at-new-cybersecurity-laws/
Ready to protect your data? What You Can Do:
- Immediately, install a FREE 30-day Trial of EZProtect Antivirus and connect it to your Salesforce org(s) to start scanning files, document uploads, or chatter for viruses or malicious content. Once this is complete, you will have a sense of how many files your organization scans per month and you will be well poised to convert to a paid plan.
- You may also download the full brochure with FAQs and schedule a demo to better understand how the tool works inside and outside of Salesforce by visiting www.adaptus.com/portfolio/ezprotect/.
- Or call 800-955-0573 to request a demo.