The Singapore Cybersecurity Act establishes a comprehensive legal framework to enhance the nation’s cybersecurity posture. The Cybersecurity Act was passed on February 5, 2018, and came into effect on August 31, 2018. It aims to build resilience against cyber threats, ensuring the safety and security of Singapore’s critical infrastructure and its citizens.
Here’s a summary of its key components:
Key Objectives:
- Strengthen Protection of Critical Information Infrastructure (CII): The Act aims to protect CIIs, which are essential services like energy, water, banking, healthcare, transport, and government services, from cyber-attacks.
- Authorize the Cyber Security Agency (CSA): The Act empowers the CSA to prevent and respond to cybersecurity threats and incidents.
- Establish Information Sharing Framework: It facilitates the sharing of cybersecurity information to help identify vulnerabilities and prevent incidents.
- Implement a Light-Touch Licensing Framework: The Act introduces a licensing framework for cybersecurity service providers, focusing on penetration testing and managed security operations center (SOC) monitoring.
Key Provisions:
- Designation of CIIs: The Act provides a framework for designating CIIs and outlines the obligations of CII owners to protect these infrastructures.
- Investigative Powers: The Commissioner of Cybersecurity is authorized to investigate cybersecurity threats and incidents to mitigate their impact.
- Information Sharing: The Act establishes protocols for the protection and sharing of cybersecurity information.
- Licensing Requirements: It mandates licensing for penetration testers and SOC monitoring providers to ensure they handle sensitive information securely.