Singapore reviews ways to boost digital infrastructures after big outage
Singapore is assessing how it should beef up its digital infrastructures and better mitigate both physical and cyber risks.
A task force comprising multiple government agencies will oversee the development of the country's Digital Infrastructure Act, which aims to boost the resilience and security of key digital infrastructures and services, according to the Ministry of Communications and Information (MCI).
Also: Singapore looks to accelerate AI development with investment in compute and talent
Singapore's cybersecurity and critical information infrastructures today are governed under the Cybersecurity Act, which is further supplemented by sector-specific regulations, such as the Telecommunications Act. However, it is necessary for the government to "go beyond" the Act to ensure the resilience of other digital infrastructure and services that local businesses and citizens depend on, MCI said.
It pointed to an hours-long outage at an Equinix data center last October that led to a widespread disruption of banking services, even though the site did not experience a cyber attack.
"While the risk of disruptions cannot be eliminated entirely, the task force has been reviewing the evolving risk landscape, studying measures deployed by other countries that are similarly facing these issues, and developing measures suited to Singapore's context," MCI said.
The impending Digital Infrastructure Act is among the measures being developed, with the intent to complement existing regulations that focus on mitigating cyber-related risks. The ministry added that the Cybersecurity Act soon will be expanded to include "foundational digital infrastructures", such as cloud service providers and data centers as well as key entities that hold sensitive data and carry out essential public functions.
The new digital infrastructure bill also will go beyond cybersecurity to encompass other resilience risks, spanning misconfigurations in technical architectures and physical hazards, such as fires, water leaks, and cooling system failures.
Also: Cybersecurity 101: Everything on how to protect your privacy and stay safe online
The task force will identify digital infrastructures and services that, if disrupted, have a "systemic impact" on Singapore's economy and society. These include cloud services that facilitate the availability of widely-used digital services, such as digital identities, ride-hailing, and payments.
The task force also is establishing requirements that regulated entities will be subject to under the Digital Infrastructure Act, which will consider the country's operating landscape and international developments. Jurisdictions such as the European Union (EU) and Australia, for instance, have implemented incident reporting requirements and baseline resilience and security standards with which regulated entities must comply.
These requirements will deepen the Singapore government's situational awareness and understanding of systemic risk when disruptions occur, as well as help prevent disruptions and guide recovery should disruptions occur, MCI said.
Also: The best VPN services: Expert tested and reviewed
It added that industry players and relevant stakeholders will be consulted as the task force, which was established in January, works on its proposals.
"[The task force] is mindful of the need to ensure coherence in requirements and processes, [such as] reporting channels across different regulatory levers," the ministry said. "It will also balance tradeoffs, such as those between risk mitigation and compliance costs, and between tailoring interventions to Singapore's context and accounting for global operations of many providers."
In addition, non-regulatory measures will be developed alongside regulatory measures, including the provision of best practices and guidance to help service providers boost the resilience and security of digital infrastructures.