The Computer Misuse (Amendment) Bill was introduced for First Reading at the Parliamentary Sitting on 12 November 2012.
2. The Bill seeks to amend the Computer Misuse Act to enable the Government to take effective and timely measures to prevent, detect and counter cyber attacks that may threaten our national security, essential services, defence or foreign relations. The Bill also seeks to rename the Act as the Computer Misuse and Cybersecurity Act. This will better reflect the objective of section 15A to secure our national critical information infrastructure against cyber threats that may endanger national interests or national security, in addition to other existing provisions in the Computer Misuse Act dealing with computer offences such as unauthorised access and misuse of computer systems.
3. National Critical Information Infrastructure (CII) refers to the various essential information systems and assets, such as telecommunication networks, banking infrastructure, water, electricity, gas and public transportation systems. Given the interconnectivity of CII systems, a successful cyber attack on one segment of CII can have immediate knock-on effects on another CII. This would have far-reaching consequences for Singapore’s security, economy, public health and safety.
4. In view of the increasing prevalence of cyber threats, the Ministry of Home Affairs proposes to amend section 15A of the Computer Misuse Act for effective and timely measures to be taken to make Singapore’s CII robust and resilient against cyber attacks. This is in line with similar moves by other countries. Cyber attacks worldwide have increased in frequency, speed and sophistication. They are difficult to detect, and often occur without early warning. Prompt and effective action must be taken to avert such threats well before they endanger our CII.
5. The amendments to the CMA are therefore geared towards enabling effective and timely action to be taken against cyber threats. When credible information is received, for example, of the development or use of a new malware targeting CII, the Minister may direct measures to be taken to strengthen the resilience of the CII against the cyber threat.
6. The key amendments proposed to section 15A are:
a) Enable Effective and Timely Measures to be taken to Strengthen Cybersecurity of CII
The amendments will enable the Minister for Home Affairs to direct CII owners and operators to take effective and timely measures against cyber threats. The Minister may issue such directions for the purpose of preventing, detecting or countering any cyber attack that may threaten the national security, essential services, defence or foreign relations of Singapore. Non-compliance with the directions of the Minister will be made a criminal offence.
b) Protect Information Obtained Under Minister’s Direction
The Minister may direct a CII owner or operator to provide information that is necessary to identify, detect or counter cyber threats. As such information may be sensitive, legal safeguards will be introduced to protect the information obtained by imposing restrictions on its use and disclosure.
c) Grant Immunity from Civil and Criminal Liability
The amendments will grant immunity from civil and criminal liability to those that had acted in good faith in complying with the Minister’s direction.
d) Modify Definition of “Essential Services”
The Bill will modify the definition of “essential services” to include land transport infrastructure, aviation, shipping and other health services. These will be in addition to the current definition of essential services being services related to communications infrastructure, banking and finance, public utilities, public transportation, public key infrastructure and emergency services such as police, civil defence or medical services.
Ministry of Home Affairs