Proposed changes to Cybersecurity Act of S’pore, and what triggered them

2 weeks ago 43


Apr 03, 2024, 03:25 PM


Apr 03, 2024, 03:04 PM

SINGAPORE - Amendments to the Cybersecurity Act have been tabled in Parliament on April 3 to take into account risks introduced by suppliers, outsourcing and offshoring.

Critical information infrastructure (CII) operators in the 11 essential services sectors remain answerable to the Cybersecurity Authority of Singapore (CSA) for any lapses. The sectors are: Energy, water, banking and finance, healthcare, transport (land, maritime, and aviation), infocomm, media, security and emergency services, and the Government.

Here’s a quick look at the key changes in the Cybersecurity (Amendment) Bill.

1. Securing supply chains

  • Critical information infrastructure (CII) operators must report all incidents aimed at their systems, including those managed by or are linked to their suppliers.
  • The proposal comes after major cyber attacks around the world that have targeted peripheral systems to sabotage critical services.
    • In 2019, hackers introduced malicious code into an IT monitoring tool from US software firm SolarWinds that serviced thousands of organisations. Over several months, the attackers gained access to the data of more than 30,000 public and private firms in the US.
    • In 2021, the US’ largest fuel pipeline Colon...
Read Entire Article