Singapore has amended the Cybersecurity Act to ensure that it is updated with the current trend of people facing online threats in multiple forms. At the core is the basic requirement of reporting incidents to relevant authorities. Other layers highlight that the region’s cybersecurity agency now has more power to regulate critical infrastructure along with third parties.
The update to the Act was made on May 07, 2024, and now takes into account more than a single aspect. For instance, it explores the impact of running CI management systems on cloud infrastructure. This became essential because operators have now outsourced some portion of their functions to third parties and cloud providers. Janil Puthucheary, the Senior Minister for the Singapore Ministry of Communications, has acknowledged this in their speech before the parliament of the country, adding that there is a need to hold service providers accountable for their actions.
They have also illuminated the need to update or amend the Act by stating that it was originally constituted around physical systems. However, the sphere has transitioned to housing new technology and business models, making it necessary to introspect and make necessary amendments.
Singapore continues to support the Cyber Security Agency, CSA. Donny Chong, the Product Director at Nexusguard, has said that all the updates were released only after extensive outreach to citizens, CI providers, and legal experts. Donny also stated that the rising incidents in the segment are a cause of worry not only for authorities but also for citizens.
A sign of relief is evident from the fact that companies are becoming aware of such incidents and how they can severely impact their reputation and functions. Therefore, support for amendments to stronger regulations was seamlessly registered.
The original version of the Act had fewer power levels for authorities. This included managing the nation’s cybersecurity prevention and response programs. A change in the landscape of cloud service and critical infrastructure drove CSA to the extreme end of moving ahead with time. Cloud service has essentially challenged the model of having physical systems on-premise or being owned entirely (or controlled) by the CI owner.
Per the amendment, businesses and infrastructure operators are divided into five categories: non-provider-owned CI, provider-owned CI, entities of special cybersecurity interest, foundational digital infrastructure—also known as FDI—and owners of systems that are of temporary cybersecurity concern.
Organizations are now legally bound to undertake risk assessments, audits, report incidents about cybersecurity, and require contract language for third parties. CSA has expressed commitment to operationalizing the new incident reporting requirements. Lim Chong Kin, the Managing Director at Drew & Napier, has proposed this aspect.
Simply put, the landscape of cybersecurity is changing at a faster pace. There is a need to move with time and make necessary amendments before it goes on to affect users at a macro level. Singapore has crafted updates to the Cybersecurity Act and is committed to backing the Cyber Security Agency.
What is your reaction?
