Singapore Works on New Legislation to Classify Data Centers as Critical Infrastructure

Singapore Works on New Legislation to Classify Data Centers as Critical Infrastructure

TechSpot’s 25th Anniversary and Trusted Tech Analysis

TechSpot is celebrating its 25th anniversary, marking a milestone as a source of reliable tech analysis and advice that can be trusted.

Singapore’s Stricter Cybersecurity Measures for IT Providers

In a significant development, Singapore is planning to expand its stringent governmental control over critical technological infrastructures. The city-state aims to extend its oversight to encompass additional information technology service providers considered ‘important’. This move comes with an effort to amend the Cybersecurity Bill, initially passed in 2018, to impose new requirements on third-party companies that offer essential tech services. Singapore has launched a public consultation to receive input on the bill amendment, which will remain open for feedback until January 15, 2024.

Updating Cybersecurity Oversight in Response to Evolving Threats

Since the enactment of the original Cybersecurity Act, which empowers the Cyber Security Agency of Singapore (CSA) with oversight of the nation’s cybersecurity, there has been a continuous evolution in both cyber-threat landscapes and business environments. As Singapore stands out globally for its highly digital connection, there is an increasing need for enhanced connectivity, computing, and data storage services. Recognizing these emerging needs, the Singaporean government, via CSA, is looking to update its scope of cybersecurity supervision to include not just Critical Information Infrastructure (CII) but additional “important systems and infrastructure” as well. Various sectors, such as energy, water, banking, finance, healthcare, transport, and national services, are identified as providers of CII services under the existing Cybersecurity Act.

Proposed Additions to Singapore’s Cybersecurity Legislation

The proposed amendment introduces the concept of “foundational digital infrastructure,” to stand alongside CII, specifically targeting data centers and cloud computing services within Singapore. Operators within this category would be subjected to binding requirements to continuously deliver services and effectively safeguard against cyber threats. The amendment anticipates these providers to report cyber incidents to Singaporean authorities expeditiously and fulfill any requests from Commissioner David Koh for audits and information regarding the design of data centers. CSA would be vested with the power to perform onsite inspections to ensure compliance is met.

Consequences for Non-Compliance and Public Feedback Encouraged

Organizations not adhering to these compliance requirements would face fines or other penalties as specified in the amendment. Even temporary systems set up for significant events would need to comply with such regulations for a full year. As part of the collaborative process, CSA is calling on the public and industry stakeholders to submit their opinions and comments via the online Feedback on the Cybersecurity (Amendment) Bill form.

Read More