Last week, Singapore’s minister for Home Affairs and Law announced plans to strengthen cybersecurity legislation as part of his government’s National Cybercrime Action Plan, strengthening Singapore’s establishment as a technology hub for the region and signaling a significant advancement in its Smart Nation Programme. Acknowledging the worrying trends in cybercrime rates and the evolving creativity of attackers, My Shanmugam emphasised the need for legislation to keep pace with national cybersecurity initiatives.
The new Cybersecurity Act, announced earlier this year, is expected to be tabled in 2017. The legislation will aim to enhance law enforcement investigative and enforcement powers and, significantly, advance the accountability of companies responsible for processing and/or collecting sensitive data.
Previous commentary from the government on the new Cybersecurity Act focused more heavily on accountability for companies responsible for data collection and processing than last week’s announcements, which considered cybersecurity more broadly. “A significant part of the legislation really is to just make sure providers of essential services at least take basic precautions to protect the data, protect the privacy and do not abuse the access to the information”, Vivian Balakrishnan, minister-in-charge at Singapore’s Smart Nation Programme Office, stated previously. Businesses in Singapore responsible for data collection and processing will likely face an increased compliance burden in adapting business practices to new legislation. But this may be offset by the attractiveness of a framework for responsible and accountable use of data to consumers and processors of sensitive data across Asia alike, which may prove to be a significant boost to Singapore as a regional technology and data hub.
In his announcement, Mr Shanmugam emphasised that the change in law was required, in part, due to the changing nature and complexity of cybercrime, worldwide. The scale and adaptability of attacks, the speed with which criminals were now able to attack and the cross-border nature of cybercrime, in particular, required an update to legislation for it to remain relevant.
Along with the changes to legislation, Mr Shanmugam detailed necessary enhancements to law enforcement capabilities, including automation tools to allow the effective analysis of large data volumes. “Ultimately, our National Cybercrime Action Plan is a recognition of a change that cybercrime will bring about in our society and a fundamental relook at our approaches, our laws, our outreach efforts, the way we train and equip our police officers, and the way our agencies work with partners both within and outside of Singapore.”
The strengthening of cybercrime legislation is one focus area of four under the National Cybercrime Action Plan: (1) public education, (2) cybercrime-fighting capabilities, (3) laws and criminal justice framework, and (4) industry partnerships. On education, Mr Shanmugam said that “the first priority has to be to train our people, to be smarter, better in dealing with cyberspace, and empower them to work in cyberspace”. On industry partnerships, he went on to emphasise the need for better co-ordination and shared responsibility between industry and government and the need to foster relationships between government and businesses in the private sector and educational institutions, worldwide. Although this represents a wholly new approach to cybercrime in Singapore, industry eagerly awaits further detail on specific plans for partnership and collaboration across sectors. Implementation costs for companies in Singapore in particular will be a key concern but the potential synergies for business arising from the government’s ambitious objectives may mitigate initial growing pains.
Last week’s announcements appear to be a positive step towards Singapore’s grand ambitions to establish itself as the pre-eminent technology and data hub for Asia and the world’s first ‘smart nation’.