Singapore's cybersecurity amendments opens questions on compliance

The government is proposing the word "cybersecurity" be included in the country's Computer Misuse Act. It will also harden the legislation to include pre-emptive actions.
Written by Bryan Tan, Contributor

In a bid to harden Singapore's cyberdefense, the government has proposed upgrades to its Computer Misuse Act.

To signify the change in tack, the Computer Misuse Act will be renamed Cybersecurity Act. The new Section 15A will now cover detection in addition to prevention and countering of threats which affect Singapore's national security, essential services, defense, or foreign relations.

The amendments also make provisions for the Minister to ask for information on the design, configuration, operation or security of any computer, computer program or computer service. Some balance has been added in requiring compliance, unless with reasonable excuse.

Similar legislation has been bandied in other countries in various forms by governments wanting to take even more aggressive pre-emptive steps. One of the issues is who will bear the cost of such compliance, if it requires significant efforts to provide such information. This has not been answered.

Another issue would be whether detection would include the examination of personal e-mail of senior military and government officials, in the vein of the e-mail scandals affecting Generals Petraeus and Allen in the United States, since these would very much impact the country. Interesting days lie ahead for the Singapore Parliament to debate the amendments.

Editorial standards