S'pore beefs up cybersecurity law to allow preemptive measures

Parliament passes amendment to Computer Misuse Act to allow for government to order preemptive measures against cyberattacks, and makes non-compliance an offense with jail term of up to 10 years and fine of S$50,000.
Written by Ellyne Phneah, Contributor

Singapore's Parliament has passed the amended Computer Misuse Act, which enables the government to thwart potential cyberattacks on critical infrastructure.

According to a statement by The Ministry of Home Affairs (MHA) on Monday, the government organization is now allowed to order a person or organization to act against any cyberattack before it has begun. The law has also been renamed as the "Computer Misuse and Cybersecurity Act". 

However, due to the severity of the threat cyberattacks can pose to the country, non-compliance with this direction, or obstructing a person  from complying with the Minister's directions to him, will be made an offense which may result in a jail term of up to 10 years and a fine of S$50,000 (US$40,753). 

"The proposed legislative amendments will provide the government with greater ability to work with our stakeholders to take timely actions against cyber threats to our critical information infrastructure (CII)," the statement read. It adds these enhanced powers come with important safeguards to ensure they are used in an effective and responsible manner to protect our national interests.

The ministry had first proposed amending section 15A of the Computer Misuse Act in November, to give the government authority to order preemptive measures against planned attacks against critical national infrastructure, to strengthen their resilience against cyberthreats.

For example, once the ministry receives specific, credible intelligence on a possible attack, the minister may direct measures to be taken to "strengthen the resilience of the CII against the cyberthreat", it noted.

Land transport infrastructure, aviation, shipping and other health services will be added to the current group of services, which include communication infrastructure, banking and finance, public utilities, public transportation, public key infrastructure and emergency services, it stated.

Before the Act was revised, the Minister only had the power to exercise such powers only when there is an outright attack on the CII such as a power station or water filtration plant, which could affect the economy and threaten national security.

Editorial standards