Consumer and business-oriented online services and applications may soon be required to meet government cyber-security requirements similar to those that apply to owners of critical information infrastructure (CII), such as water treatment facilities and banks. These requirements, which were enacted four years ago under the Cybersecurity Act, require critical sector organizations to safeguard the security of their information technology systems and to disclose cyber intrusions within hours, among other things.
Singapore’s Cyber Security Agency is evaluating current cyber-security legislation for the 11 CII sectors to ensure that they also protect “foundational digital infrastructure and important digital services,” according to the agency. Cloud services and applications, for example, are vital in enabling Singapore’s digital economy and letting individuals to go about their daily lives online, according to the CSA. The Cybersecurity Act creates a legislative framework for Singapore’s national cybersecurity monitoring and maintenance. Since its inception, people have been more reliant on digital infrastructure and services. As Singapore becomes increasingly digital, more businesses are at danger of cyber-attacks if the proper cybersecurity precautions are not implemented. As a result, the CSA is revising the CS Act to safeguard the security of the digital infrastructure and services we use.
CIIs, which facilitate the supply of basic physical services like water and power, have been the focus of the CS Act thus far. In the future, the CSA will look at strengthening the CS Act to increase awareness of dangers in Singapore’s cyberspace and to safeguard virtual assets as CII if they serve important services. In addition to the CIIs, the CS Act will be reviewed to include core digital infrastructure and crucial digital services, such as applications, that are critical to enabling our Digital Economy and sustaining our Digital Way of Life. The Cybersecurity Act establishes a framework for CII designation, and CII Owners in each of the 11 essential sectors are expected to follow the CCoP2’s mandated cyber hygiene standards to ensure that the CII sectors have a solid cybersecurity foundation. As an amendment to the CCoP, a set of obligatory Operational Technology (OT)-specific cybersecurity principles was created with the goal of improving the status of cybersecurity for OT CII.
However, as cyber-attacks advance and become more sophisticated, basic cyber hygiene policies may no longer be adequate to protect CII Owners against such risks. Ransomware, in particular, has grown into a large, systemic danger that may jeopardize national security and impair key services. Furthermore, every CII sector has cybersecurity concerns unique to its digital terrains, such as cloud migration or the adoption of 5G technology. Generic cyber hygiene standards across important industries would be unable to counter such unique threats. CSA has released a series of tool kits for businesses, according to OpenGov Asia, that guide cybersecurity concerns for senior corporate executives, SMEs owners, and staff. The new toolkits make cybersecurity easier to understand and allow organizations to make more educated decisions about security, system usability, and cost.
The toolkit for corporate executives and SME owners will focus on the commercial reasons for investing in cybersecurity, such as rationalizing cybersecurity investments and how cultivating a cybersecurity culture can help organizations realize the advantages of digital transformation. The program is part of the Safer Cyberspace Masterplan, which was introduced last year. The master plan was created in collaboration with the cybersecurity sector and academics in order to improve Singapore’s overall cybersecurity for individuals, communities, businesses, and organizations. Securing Singapore’s basic digital infrastructure, protecting cyberspace operations, and enabling a cyber-savvy populace are all key areas of concern.