SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Singapore Govt seeks feedback on cybersecurity bill for critical information infrastructure
Tue, 11th Jul 2017

Singapore's Ministry of Communication and Information (MCI) and the Cyber Security Agency of Singapore (CSA) are seeking feedback on a proposed cybersecurity bill that will place security breach prevention responsibilities on those that own and operate critical information infrastructure (CII).

CII includes computer systems essential to continuous service delivery of Singapore's essential services. For the purposes of this Bill, there are eleven CIIs: banking and finance, energy, government, healthcare, infocomm, land transport, maritime, media, security and emergency services and water.

According to Check Point, the most significant measure listed in the Bill is that CII senior executives are now accountable for security incidents, with more oversight from the CSA.

"A licensing framework for the regulation of penetration testing and managed security service providers to ensure that only licensed vendors provide such services will also be introduced. Once again, the Singapore government is on the forefront of providing the legal framework for investigations into and responses for all cybersecurity incidents," Check Point explains.

KPMG Singapore's head of cyber security, Daryl Pereira, says that SMEs and healthcare have been somewhat ignored as the banking sector takes the security limelight.

He believes this gap has allowed attackers to go after CII such as healthcare providers and hospitals.

“The proposed Cybersecurity Bill, specifically the framework for the protection of CII, seeks to level the playing field and raise the maturity and preparedness of all sectors in Singapore to a common baseline,” he says.

“This Cybersecurity Bill will help to form a strong foundation for Singapore to transform itself into a digital economy, powered by innovation and enabled by cybersecurity readiness.”

According to Check Point, each CII owner is expected to comply with measures.

"These include undertaking regular risk assessments and engaging with approved third parties for the purpose of system audits. Should the CII owners not possess the required skills internally, it will be necessary to undergo the necessary training and/or hire individuals with the desired skill sets," Check Point states.

"It should be noted that the measures imposed by the Cyber Security Bill fall mainly within the scope of governance, risk management and compliance (GRC) activities. This aims to ensure each CII owner will perform the necessary due diligence to safeguard the security of the critical infrastructure we depend on. CII owners will also be expected to work collaboratively with the Commissioner of Cyber Security," Check Point continues.

The bill says that as cyber attacks become faster and more sophisticated, Singapore is vulnerable to threats such as ransomware and the APT attacks that hit two of the country's universities.

“Around the world, attacks on systems that run utility plants, transportation networks, hospitals and other essential services are growing. Successful attacks can and have resulted in significant financial losses and disruptions to daily lives. Hence, the protection of our Critical Information Infrastructure (CIIs) which are necessary for the continuous delivery of Singapore's essential services is a cornerstone of the proposed Bill,” MCI states.

MCI remains committed to Singapore's cybersecurity: In April 2015 the Government launched CSA and in October 2016, Prime Minister Lee Hsien Loong launched the country's Cybersecurity Strategy.

The proposed bill aims to accomplish four tasks:

  • To provide a framework for CII owners (CIIOs). CIIOs will become responsible for CIIs under their care before an incident has occurred. The government believes this will also empower sector leads to raise cybersecurity levels in their own sectors.
  • To give CSA powers to manage and respond to cybersecurity threats and incidents. CSA will be able to take charge of threats, rather than going through a Minister to authorise specific powers.
  • To provide a framework for information sharing and its protection through CSA. CSA will be able to share information with relevant stakeholders to prevent, detect, counter or investigate security threats or incidents.
  • To regulate ‘selected’ cybersecurity providers with a ‘light-touch licensing framework’. Specifically, the bill seeks to licence penetration testing and security operations centre services. The move is not to stifle competition, but to provide greater safety and security services to consumers, address conflicting industry information and improve security provider standards.

Public consultations are open now and close on August 3, 2017 at 5pm. Interested parties can find out more from reach.gov.sg and csa.gov.sg.