Singapore's Ministry of Home Affairs (MHA) is proposing to amend a section in the Computer Misuse Act to give the government broader powers to curb cyberattacks before they are even initiated against its critical infrastructure.
According to a statement issued by the MHA Monday, the Computer Misuse (Amendment) Bill seeks to change Section 15A to give the government powers to order an organization or individual to act against a cyberattack targeting national critical information infrastructure--even before the attack is carried out.
"Cyberattacks worldwide have increased in frequency, speed and sophistication. They are difficult to detect, and often occur without early warning. Prompt and effective action must be taken to avert such threats well before they endanger our national critical information infrastructure (CII)," the ministry said.
For example, once the ministry receive specific, credible intelligence on a possible attack, the Minister may direct measures to be taken to "strengthen the resilience of the CII against the cyber threat", it noted.
The Act currently endows the Minister the power to exercise such powers only when there is an outright attack on the CII such as a power station or water filtration plant, which could affect the economy and threaten national security.
Besides granting the government the authority to take preemptive measures, the amendment also broadens the definition of "essential services" which forms the CII, the MHA noted.
Land transport infrastructure, aviation, shipping and other health services will be added to the current group of services, which include communication infrastructure, banking and finance, public utilities, public transportation, public key infrastructure and emergency services, it stated.
As part of these changes, the MHA has proposed to rename the law to the Computer Misuse and Cybersecurity Act.
"This will better reflect the objective of Section 15A to secure our CII against cyber threats that may endanger national interests or national security, in addition to other existing provisions in the Computer Misuse Act dealing with computer offences such as unauthorized access and misuse of computer systems," it explained.