Public Consultation Paper on the Draft Cybersecurity Bill

Ministry of Communications and Information

Ministry of Communications and Information and Cyber Security Agency of Singapore

Consultation Period: 10 Jul 2017 - 24 Aug 2017
Status: Closed
Detailed Description

25 AUGUST 2017

Thank you for your feedback. The public consultation on the Proposed Cybersecurity Bill is now closed. 

28 JULY 2017

In response to requests to extend the deadline for the submission of responses to the “Public Consultation Paper on the Draft Cybersecurity Bill”, MCI and CSA have decided to extend the deadline for submissions to 12 noon, 24 August 2017. We look forward to receiving feedback on the draft bill. 


The Ministry of Communications and Information (MCI) and the Cyber Security Agency of Singapore (CSA) would like to invite the public to provide feedback on the draft Cybersecurity Bill. 


2 Cyber-attacks are getting increasingly frequent, sophisticated and impactful. Globally, we have also seen a surge in the number of cybersecurity incidents, such as ransomware, cyber theft and banking fraud. In Singapore, the recent Advanced Persistent Threat (APT) attacks targeting two of our universities, and the occurrence of the global WannaCry and Petya/Petna malware attacks which also reached our shores, serve as stark reminders of Singapore’s vulnerability to cyber threats.

3 Around the world, attacks on systems that run utility plants, transportation networks, hospitals and other essential services are growing. Hence, the protection of our Critical Information Infrastructure (CIIs), which are necessary for the continuous delivery of Singapore’s essential services, is a cornerstone of the proposed Bill.

4 Successful attacks can and have resulted in significant financial losses and disruptions to daily lives. New cybersecurity legislation is needed so that we can take pro-active measures to protect our CIIs, respond expediently to cyber threats and incidents and facilitate sharing of cybersecurity information across critical sectors.

5 The proposed Cybersecurity Bill will establish a framework for the oversight and maintenance of national cybersecurity in Singapore, and will empower CSA to carry out its functions. 

6 This Consultation Paper outlines the rationale for the proposed Bill, highlights the key principles, as well as the regulatory areas and duties MCI and CSA have identified. It also outlines the procedures and timeframe for members of the industry and the public to submit their views and comments. The draft Bill is still in the midst of development and some provisions may be further scoped or refined, based on feedback received during this consultation.


7 The public consultation will be from 10 July to 24 August 2017.


8 Respondents should organise their submissions as follows:

a.         Cover page (including their personal/company particulars and contact information);

b.         Table of contents;

c.         Summary of major points;

d.         Statement of interest;

e.         Comments; and

f.          Conclusion.

Supporting materials may be placed as an annex to the submission.

• All submissions should be clearly and concisely written, and should provide a reasoned explanation for any proposed revisions. Where feasible, please identify the specific provision of the draft bill on which you are commenting, and explain the basis for your proposals.

• All submissions should reach MCI/CSA no later than 12pm on 24 August 2017. Late submissions will not be considered.

• Submissions are to be in softcopy only (in Microsoft Word or PDF format). Please send your submissions to, with the subject “Public Consultation for the Cybersecurity Bill”.

9 MCI and CSA reserve the right to make public all or parts of any written submission and to disclose the identity of the source. Respondents may request confidential treatment for any part of the submission that the respondent believes to be proprietary, confidential or commercially sensitive. Any such information should be clearly marked and placed in a separate annex. Respondents are also required to substantiate with reasons any request for confidential treatment. If MCI and CSA grant confidential treatment, it will consider, but will not publicly disclose, the information. If MCI and CSA reject the request for confidential treatment, it will return the information to the respondent that it submitted, and will not consider this information as part of its review. As far as possible, respondents should limit any request for confidential treatment of information submitted. MCI and CSA will not accept any submission that requests confidential treatment of all, or a substantial part, of the submission.


10 We will publish the feedback received from the respondents on the Cyber Security Agency of Singapore’s website.


11 For reference, please download the following documents for this public consultation exercise.