New bill passed to strengthen SG's digital defenses

The bill mandates stricter reporting requirements for owners of CII, now including incidents within their supply chains. 

A new bill aimed at strengthening Singapore’s cybersecurity defenses was passed in Parliament on Tuesday, 7 May.

In a speech at the Parliament, Senior Minister of State for Communications and Information Janil Puthucheary outlined the key changes in the Cybersecurity Amendment Bill.

“This bill will strengthen our national cybersecurity, and increase trust in using online services in Singapore and in our highly-digitalised nation,” the minister said.

Under the amended Cybersecurity Act, owners of critical information infrastructure (CII) are now required to report a broader range of incidents, including those occurring within their supply chains.

The bill also expands the regulatory scope to cover a broader range of entities, including providers of essential services, Systems of Temporary Cybersecurity Concern (STCCs), Entities of Special Cybersecurity Interest (ESCIs), and major providers of Foundational Digital Infrastructure (FDI) services.

To ensure compliance with cybersecurity obligations, the amendments empower the Cyber Security Agency of Singapore (CSA) with enhanced enforcement measures, including granting CSA the authority to conduct inspections, impose civil penalties, and prosecute offenders who misuse CSA's symbols or representations.

The 2018 enactment of the Cybersecurity Act aimed to strengthen the protection of Singapore's Critical Information Infrastructure (CII), authorise the Cyber Security Agency of Singapore (CSA) to lead in cybersecurity prevention and response, and establish a licensing framework for regulating cybersecurity service providers.

“The Cybersecurity Act has now been in force for six years. The core objectives continue to be relevant today,” said Puthucheary. “We have reviewed the Act, learning from our experiences, and taking into account changes in technology.”

He said that the proposed amendments have been developed through extensive consultation with stakeholders, including CII owners, cybersecurity professionals, industry players, and members of the public.

“As the cyber threats we face intensify, it is clear that there is agreement in this House on the timeliness of this Bill, and the need to put CSA in a better position to safeguard Singapore’s cybersecurity,” said the minister.