Updated
Apr 03, 2024, 02:58 PM
Published
Apr 03, 2024, 02:39 PM
SINGAPORE - Essential services operators in Singapore must declare cyber-security outages and attacks faced by suppliers, as well as require these suppliers to provide contractual assurances, as part of proposed changes to the Cybersecurity Act tabled on April 3.
The authorities can also require organisers of major events here and autonomous universities to disclose their cyber-security measures under the Cybersecurity (Amendment) Bill.
The Cyber Security Agency of Singapore (CSA) said that the Bill – the first change to the Act since it came into force in 2018 – seeks to expand its oversight over critical information infrastructure (CII) as threats can often be obscured with increased digitalisation.
“The key aspect of the Bill is that it will ensure that CII owners remain responsible for the cyber security and cyber resilience of the CII, even as they embrace new technological and business models, like the use of cloud computing,” said CSA. “CII owners will also be required to report more types of incidents, such as those that happen in their supply chains.”
The critical sectors are: energy, water, banking and finance, healthcare, transport (land, maritime, and aviation), infocomm, media, security and emergency services, and the Government.
The changes will expand CSA’s oversight of CII and any linked third-party systems, as well as levers to audit the d...