Singapore Critical Information Infrastructure Bill

The Singapore Critical Information Infrastructure (CII) bill is poised to reshape how cybersecurity is handled in the small Southeast Asian nation. The proposed law, drafted by the country’s Ministry of Communications and Information and the Cyber Security Agency (CSA), is set to go into effect in 2018 and usher in stricter cybersecurity rules for operators of computer systems deemed to be “critical information infrastructure.”

CII Bill Facts

The new law defines CII as a computer or computer system that is necessary for the continuous delivery of essential services which Singapore relies on for providing national security, defense, foreign relations, economy, public health, public safety or other public services. CIIs may be public or privately owned and located entirely or partially in Singapore.

Operators of CIIs would be required to comply with the law’s requirements for privacy, storage and transmission of personal information. The law would require periodic audits of infrastructure managers and regular risk assessments of designated networks to help ensure the security of critical information.

Read the full text of the draft Cybersecurity Bill.

Compliance Requirements

The CII bill will require enhanced security measures for critical infrastructure and is intended to provide a uniform framework of rules and regulations for operators of critical systems in Singapore. Operators of CIIs will be required to maintain their networks in accordance with the law before, during and after a security breach or incident.

The bill also would authorize the CSA to manage and oversee the maintenance of cybersecurity in Singapore in an effort to help minimize the risks of cyber threats and ensure that the country can better deal with cyber attacks.

The CSA would be authorized to obtain information from infrastructure operators to determine if their systems meet the criteria for CII designation.

Operators of CII would be required to:

  1. Provide the commissioner with information on the technical architecture of the CII.
  2. Comply with codes of practice and standards of performance as issued by the commissioner.
  3. Notify the commissioner of any cybersecurity incident on the CII.
  4. Conduct regular audits of the CII.
  5. Carry out regular risk assessments of the CII.
  6. Participate in cybersecurity exercises as required by the commissioner.

Violations of the new law would subject offenders to fines of up to $72,000 or two years in prison.

Get CII Compliant

The CII bill will contain strict requirements for operators of Singapore computer networks deemed critical infrastructure. Proficio’s security analysts are experts in cybersecurity compliance, including this new law, and are able to advise your company or organization on how to comply with the new law. Don’t subject your company to fines and other penalties for being non-compliant with the Singapore Critical Information Infrastructure bill.

Contact Proficio today for expert services on how to comply with the Singapore Critical Information Infrastructure bill.
