The amendment to the Cybersecurity Act 2018 will require companies that provide digital infrastructure services that are "foundational to our economy or way of life" to shoulder responsibility for the cybersecurity of such digital infrastructure.

The Cybersecurity (Amendment) Bill was tabled in parliament on Apr. 3, 2024.

The bill will update existing provisions relating to the cybersecurity of critical information infrastructure (CII) and expand the Cyber Security Agency of Singapore's (CSA) oversight to cover the cybersecurity of Systems of Temporary Cybersecurity Concerns.'

The CII sectors are energy, water, banking and finance, healthcare, transport (land, maritime and aviation), Infocomm, media, security and emergency services, and government.

CSA stated that the objective of the proposed bill is to update the Cybersecurity Act to keep pace with the developments in the cyber threat landscape and evolving technological operating context.

Minister for Communications and Information Josephine Teo said during the Committee of Supply debate in 2023 that the CSA sought to amend the Act to reflect the increasing importance of ensuring the cybersecurity of the digital infrastructure and services that power Singapore's digital economy and enable citizens to meet their daily.

Key aspects of the bill

CSA outlined a key aspect of the bill to ensure that CII owners remain responsible for their cybersecurity and cyber resilience even as they embrace new technological businesses and models.

CII owners will be required to report more types of incidents so that CSA can have better situational awareness of cybersecurity threats that could potentially cause disruptions to essential services and work.

CSA will also work with CII owners more proactively to secure essential services.

The bill will allow CSA to proactively secure systems of temporary cybersecurity concern, like computer systems critical to Singapore and at a high risk of cyberattacks due to certain events or situations.

Under the amendments, the bill will allow CSA to designate and regulate entities of special cybersecurity interest, like autonomous universities for cybersecurity if they hold sensitive information or perform functions of national interests.

This is when their disruptions could cause potential adverse effects on the defence, foreign relations, economy, public health, public safety, or public order of Singapore.

Top photo via Canva