Corporate Partners

Singapore Government amends the Computer Misuse Act

When it comes to framing new laws or adopting new technologies, Singapore is always on the forefront.

The Government in Singapore has recently announced changes in a law that gives it sweeping powers over cyber space in times of cyber attacks on the country's information assets.

This is the Computer Misuse Act, now renamed the Computer Misuse and Cybersecurity Act. The Act was passed on 14 January and it gives the Home Minister extensive powers over cyber space to defend the country's critical information infrastructure (CII).

The government defines "Critical information infrastructure" (or CII) as systems which are necessary for the delivery of essential services to the public in various key sectors. These sectors include energy, water, finance and banking, government, healthcare, infocomm, security and emergency services, and transportation.

"Cyber attacks on CII pose a real and present danger to all countries," said the government in its statement. "Singapore is not immune to cyber threats. We are a highly inter-connected nation. As of 2011, 85% of Singapore households had access to broadband at home, while 81% of businesses used the Internet. With cyberspace being essential to many aspects of our lives, we are vulnerable in many ways to any breaches. In fact, we too have been the target of cyber attacks in recent years. For example, in the lead-up to the APEC 2009 meetings held in Singapore, there were at least seven waves of malicious email attacks which targeted members of the APEC Organising Committee and APEC delegates from various countries. While these attacks did not target our CII, they are indicative of the potential for future attacks against other Singapore targets."

The amendments to Section 15 of the Act now state that the relevant minister can order a CII-related person or organisation to "take measures or comply with requirements necessary to prevent, detect or counter a threat to the national security, essential services, defence or foreign relations of Singapore".

Such requirements may include data breach reporting, or supplying technical information including network design architecture, firewall rules, and software algorithms in order to provide early-warning of an attack or help deal with an ongoing threat.

The new law enables the Ministry of Home Affairs to be "proactive" and take "upstream action against a threat before it materialises to cause any harm".

The statement also made it clear that non-compliance offences will be punishable with a fine not exceeding $50,000 (US$40,000) or imprisonment for a term not exceeding 10 years or both.

According to local media reports and commentaries, "the wording of the law allows a very broad interpretation of the circumstances in which the Government may exercise its power."

One commentator has said this law "potentially gives a rogue government the powers to order Internet service providers (ISPs) to shut down the Internet "in the nation's interests".

Several lawmakers in the Parliament of Singapore have already raised their concerns on the law's broad sweep. Second Minister for Home Affairs S. Iswaran said it was not possible for the government to define the triggers for the application of this law "given the rapidly evolving nature and complexity of the threat".

Join the CSO newsletter!

Error: Please check your email address.

Tags securitygovernmentlegislation

More about APEC

Market Place