SINGAPORE – Online services and applications widely used by consumers and businesses may soon have to comply with government cybersecurity rules similar to those that owners of critical information infrastructure (CII), such as systems for factories in water treatment and banks, must follow.
These rules, contained in the four-year-old Cybersecurity Act, require organizations in the critical sector to ensure the security of their information technology systems and report cyberattacks within hours, among other things.
The Cybersecurity Agency of Singapore (CSA) is reviewing existing cybersecurity regulations for the 11 CII sectors so that they also cover what it calls fundamental digital infrastructure and key digital services.
These infrastructures and services include cloud services and applications that CSA says are important in enabling Singapore’s digital economy and enabling people to lead their lives digitally.
The revision was announced by the Minister of Communications and Information, Joséphine Teo, on Friday March 4 in Parliament during the debate on the budget of her ministry.
On securing non-CII digital infrastructure and services, she said these help form the backbone of the country’s connectivity, computing and data storage needs.
If it is interrupted or compromised, there could be serious repercussions, such as the chaos of not having access to emails, websites and applications, said Ms Teo, who is also minister in charge of Smart Nation and Cybersecurity.
“Given the evolving situation in Ukraine, we need to be aware of the heightened risks,” she said.
The government will consider how to apply a risk-based approach to protect these infrastructures and services, and to recover quickly when attacked, she added.
The review will also consider extending what is considered CII beyond physical networks and systems.
With the shift to virtualization, Ms Teo said virtual assets, such as cloud-hosted systems in Singapore or elsewhere, should also be considered CIIs to be protected.
CSA said it was carrying out the review because after the Cybersecurity Act came into effect in 2018 to help maintain Singapore’s national cybersecurity, reliance on digital infrastructure and services increased significantly. .
It is also in the midst of increasing cyberattacks. Ms Teo said that between 2020 and 2021, there was a 73% increase in data breach and ransomware incidents reported here. In ransomware attacks, hackers lock digital files until a ransom is paid.
CSA said: “As Singapore goes digital, more and more organizations are at risk of cyberattacks if the necessary cybersecurity safeguards are not in place.
“CSA is therefore reviewing the Cybersecurity Act to ensure that the digital infrastructure and services we use are secure.”