The Singapore government has renewed its emphasis on cybersecurity due to the increase in incidents affecting the private and public sectors both domestically and around the world. As a result, Singapore set up its Cyber Security Agency (CSA) on April 1, 2015, to oversee strategy, education, outreach and industry development. On April 11, 2016, Dr. Yaacob Ibrahim, Minister for Communications and Information, announced that the government would develop a Cybersecurity Act (Cybersecurity Bill), which is expected to be tabled in Parliament next year.
The draft of the Cybersecurity Bill has not been circulated. However, Dr. Yaacob outlined four possible features: assurance that critical information infrastructure (CII) (e.g., energy, water, transportation, government, media, finance, security and emergency services) operators are proactive in maintaining cybersecurity; a mandatory reporting requirement for security breaches; wider powers for the CSA to manage cybersecurity incidents; and higher standards for cybersecurity providers.
While the Cybersecurity Bill is expected to target CII operators, businesses dealing with CII operators could be affected as businesses may be required to cooperate with CII operators when there is a breach. Therefore, businesses may need to plan for how they will support CII operators in the event of an incident. CII operators should pay particular attention to mandatory reporting obligations, as compliance measures addressing cybersecurity incidents will have to be introduced to ensure effective reporting. Given the increasing prevalence of cybersecurity incidents, businesses will need to mitigate risks and train their personnel with regard to managing and dealing with cybersecurity risks and incidents.