Public Consultation Paper on the Draft Cybersecurity Bill

Ministry of Communications and Information

Ministry of Communications and Information and Cyber Security Agency of Singapore

Consultation Period: 10 Jul 2017 - 03 Aug 2017
Status: Open
Bookmark
Detailed Description

INTRODUCTION

The Ministry of Communications and Information (MCI) and the Cyber Security Agency of Singapore (CSA) would like to invite the public to provide feedback on the draft Cybersecurity Bill. 

SCOPE OF CONSULTATION

2 Cyber-attacks are getting increasingly frequent, sophisticated and impactful. Globally, we have also seen a surge in the number of cybersecurity incidents, such as ransomware, cyber theft and banking fraud. In Singapore, the recent Advanced Persistent Threat (APT) attacks targeting two of our universities, and the occurrence of the global WannaCry and Petya/Petna malware attacks which also reached our shores, serve as stark reminders of Singapore’s vulnerability to cyber threats.

3 Around the world, attacks on systems that run utility plants, transportation networks, hospitals and other essential services are growing. Hence, the protection of our Critical Information Infrastructure (CIIs), which are necessary for the continuous delivery of Singapore’s essential services, is a cornerstone of the proposed Bill.

4 Successful attacks can and have resulted in significant financial losses and disruptions to daily lives. New cybersecurity legislation is needed so that we can take pro-active measures to protect our CIIs, respond expediently to cyber threats and incidents and facilitate sharing of cybersecurity information across critical sectors.

5 The proposed Cybersecurity Bill will establish a framework for the oversight and maintenance of national cybersecurity in Singapore, and will empower CSA to carry out its functions. 

6 This Consultation Paper outlines the rationale for the proposed Bill, highlights the key principles, as well as the regulatory areas and duties MCI and CSA have identified. It also outlines the procedures and timeframe for members of the industry and the public to submit their views and comments. The draft Bill is still in the midst of development and some provisions may be further scoped or refined, based on feedback received during this consultation.

PERIOD OF CONSULTATION

7 The public consultation will be from 10 July to 3 August 2017.

FEEDBACK CHANNEL

8 Respondents should organise their submissions as follows:

a.         Cover page (including their personal/company particulars and contact information);

b.         Table of contents;

c.         Summary of major points;

d.         Statement of interest;

e.         Comments; and

f.          Conclusion.

Supporting materials may be placed as an annex to the submission.

• All submissions should be clearly and concisely written, and should provide a reasoned explanation for any proposed revisions. Where feasible, please identify the specific provision of the draft bill on which you are commenting, and explain the basis for your proposals.

• All submissions should reach MCI/CSA no later than 5pm on 3 August 2017. Late submissions will not be considered.

• Submissions are to be in softcopy only (in Microsoft Word or PDF format). Please send your submissions to csa_cs_bill_feedback@csa.gov.sg, with the subject “Public Consultation for the Cybersecurity Bill”.

9 MCI and CSA reserve the right to make public all or parts of any written submission and to disclose the identity of the source. Respondents may request confidential treatment for any part of the submission that the respondent believes to be proprietary, confidential or commercially sensitive. Any such information should be clearly marked and placed in a separate annex. Respondents are also required to substantiate with reasons any request for confidential treatment. If MCI and CSA grant confidential treatment, it will consider, but will not publicly disclose, the information. If MCI and CSA reject the request for confidential treatment, it will return the information to the respondent that it submitted, and will not consider this information as part of its review. As far as possible, respondents should limit any request for confidential treatment of information submitted. MCI and CSA will not accept any submission that requests confidential treatment of all, or a substantial part, of the submission.

PUBLICATION OF FEEDBACK

10 We will publish the feedback received from the respondents on the Cyber Security Agency of Singapore’s website.

DOCUMENTS TO DOWNLOAD

11 For reference, please download the following documents for this public consultation exercise.