Cyber laws ramped up around the globe as attacks increase
SINGAPORE — Several countries have beefed up their cyber security laws in recent years amid an ever-increasing spate of cyber attacks.
SINGAPORE — Several countries have beefed up their cyber security laws in recent years amid an ever-increasing spate of cyber attacks.
Some, such as Germany and the Czech Republic, have gone the route of an omnibus cyber security law, just as Singapore is seeking to do.
Others, without a central cyber security agency, such as South Korea, have amended multiple laws to cover specific sectors. Central to such legislation is the disclosure of cyber security information by companies when they are ordered by the authorities to submit such data during an investigation into threats or attacks.
The United States, for instance, passed its Cybersecurity Information Sharing Act in 2015, which caused controversy as it could include disclosure of the personal data of citizens.
The Bill also allows the sharing of Internet traffic information with the US government.
The United Kingdom requires critical national infrastructure entities to have tested capabilities in place to respond if there is an attack.
If cyber risks are not being properly managed, the government may intervene in the interests of national security.
The British government also requires private-sector firms to share information with the authorities.
Estonia went one step further in coming up with a law requiring all essential services to maintain a minimal level of operations, if they were to be cut off from the Internet.
Currently in Singapore, there are existing laws enabling the regulators of some critical information infrastructure sectors — such as the Monetary Authority of Singapore and the Info-communications Media Development Authority — to enforce cyber security requirements, the Cyber Security Agency (CSA) pointed out.
“The situation, however, varies greatly from sector to sector, depending on the history, context, operating environment and level of technology adoption in each sector,” the CSA and the Ministry of Communications and Information (MCI) said in a public consultation paper on the draft laws they are proposing.
For instance, national water agency PUB does not currently have the authority to impose any conditions on its water suppliers as its relationship with them is only a commercial one.
But if this Cybersecurity Bill is passed, the PUB would have the powers — via the Commissioner of Cybersecurity — to enforce cyber security requirements on suppliers.
Both the CSA and MCI also said that they had considered introducing cyber security requirements and powers for every sector by amending the legislation specific to each.
“However, this would be a long and tedious process, and it may not achieve the desired outcome of a consistent cyber security framework applied across sectors,” they said.