Singapore’s upcoming Cybersecurity Bill will include policies based off submissions from citizens. Source: AP

Singapore’s Cybersecurity Bill will include citizen suggestions

SINGAPORE’S Communications and Information Ministry (MCI) says it receives a more-than-expected 92 submissions during the public consultation for its draft Cybersecurity Bill.

The public consultation, which has now closed, was launched by the MCI and the Cyber Security Agency of Singapore (CSA) in July.

Submissions came from a “wide and diverse range of stakeholder groups”, with respondents generally sharing the government’s concerns on the impact of increasingly sophisticated cyberattacks which could potentially cause major disruptions or cripple the country’s economy, said the authorities in a joint statement.

“Respondents acknowledged the timeliness and importance of the Bill in setting the necessary legislative framework for pro-active oversight and response to cyber threats and incidents,” they said.

The bill covers the protection of the country’s critical infrastructure in 11 key sectors: government, security and emergency, healthcare, telecommunications, banking and finance, energy, water, media, land transport, air transport and maritime.

In some instances, it includes penalties proposed for various cybersecurity incidents. For example, penalties for “serious cybersecurity threats and incidents” are set at S$25,000 or imprisonment of up to two years, according to the consultation paper.

Singapore’s Prime Minister Lee Hsien Loong attends the Trans-Pacific Partnership (TPP) meeting held on the sidelines of the APEC summit in Danang, Vietnam. Source: Reuters

In the statement, the agencies added: “In many cases, the people that CSA will be dealing with during cybersecurity threats and incidents will likely be the “victims” – these are the owners of computer systems that have been compromised. The penalties are not intended to penalise these owners for cybersecurity breaches,” it elaborated.

“Rather, the penalties will be levied only in cases of wilful non-compliance of instructions or wilful refusal to provide information.”

Specifically, the bill aims to provide the framework for regulation of critical infrastructure owners; give CSA the powers to manage and respond to cybersecurity threats; establish a framework for sharing of cybersecurity information with and by CSA officers, and the protection of such officers; and to introduce a lighter touch licensing framework for the regulation for selected cybersecurity service providers.