[BreachExchange] New cyber security law in the offing for Singapore

[Audrey McNeil]

http://www.computerweekly.com/news/450298922/New-cyber-security-law-in-the-offing-for-Singapore

Singapore’s minister for communications and information Yaacob Ibrahim told
lawmakers that the country needs updated cyber laws, and that a newCyber
Security Bill will be tabled in Parliament in 2017.

He said the proposed bill will ensure that operators take proactive steps
to secure critical information infrastructure, as well as report incidents.

During a debate on the ministry’s budget on 11 April 2016, Yaacob said the
legislation will also empower the relevant authorities to manage cyber
incidents and raise the standards of cyber security providers in Singapore.

Yaacob, who is also minister-in-charge of cyber security, said the new law
would complement the existing Computer Misuse and Cybersecurity Act (CMCA).
The CMCA grants law enforcement agencies powers to investigate and
apprehend those behind cyber crime.

“Cyber attacks have increased in sophistication, and attackers have become
faster and bolder,” he said.

“It is inevitable that Singapore’s critical information infrastructure will
become targets. The interconnectivity in our networks also means that the
effects of cyber attacks can be contagious.

Yaacob pointed out that governments worldwide have been strengthening their
cyber security legislation. He cited examples of Germany and the US, which
have passed new laws to enforce minimum cyber security standards for
critical infrastructure operators, as well as mandates the reporting of
significant cyber security incidents.

“We need to likewise strengthen Singapore’s cyber security legislation. We
will commence work on developing a standalone Cyber Security Act that
provides for stronger and more proactive powers,” he said.

“We are stepping up our efforts to enhance our cyber security, and also the
resilience of our infrastructure. This is the necessary foundation for a
successful digital economy.”

“Governments and industry must collaboratively build a robust and automated
information sharing architecture that is capable of turning threat
indicators into widely distributed security protections in near real time,”
said Sean Duca, vice-president, regional chief security officer
Asia-Pacific at Palo Alto Networks, commenting on Singapore’s proposed new
cyber security bill.

“The Singapore Government and other government across Asia-Pacific should
ensure that there are responsible privacy protections in place, for the
purpose of identifying, preventing, mitigating and responding to cyber
threats, vulnerabilities and malicious campaigns,” he said.

“The faster organisations can share this information, the better we can
serve to protect each other and push the cost back to the adversary. Laws
should not unduly prohibit the sharing of personal information that is
necessary to identify and prevent attacks.”

Cathy Huang, research manager at IDC, said: “The government’s proposition
to introduce a new cyber security law in Singapore is a standard
progressive step. It is heartening to see that a new legislation will
strengthen the existing cyber security laws.”

“One significant proposal is the mandated reporting of cyber threat
incidents in both the public and private sectors. This is critical. Unless
information on security breaches is made public, which helps to create the
basis to calculate the cost of a cyber breach, devising ways to secure
systems will always fall short,” she said.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20160705/920fef9d/attachment.html>