Critical information infrastructure are computer systems necessary for the delivery of essential services such as water and electricity. SINGAPORE: Owners of critical information infrastructure , such as those providing water, electricity and banking services, will be required to report more types of cybersecurity incidents, including those that happen in their supply chains, under a new proposed law.
The Bill seeks to amend the Cybersecurity Act 2018, which establishes a legal framework for the oversight and maintenance of national cybersecurity in Singapore. She said the law needed to change to reflect the increasing importance of ensuring the cybersecurity of the digital infrastructure and services that power Singapore’s digital economy, as well as allow citizens to meet their day-to-day needs.
An example of an STCC would be the temporary systems used to support the distribution of critical vaccines during a pandemic. During the COVID-19 pandemic, vaccine distribution systems deployed by healthcare organisations around the world were targeted by malicious cyber actors. Under the Bill, CSA will be able to designate and regulate ESCI for cybersecurity. The obligations imposed on these entities will not be at the same levels as that for CIIs, Singapore’s cybersecurity agency said.