The Government of Singapore said it will clarify the definition of critical information infrastructures and duties of operators as well as licensing requirements of service providers, in the new bill slated to be introduced in early-2018.
The authorities responded to a public feedback on the proposed legislation which was sought and these now would be considered as part of efforts to “refine” several aspects of the bill.
These included law firms such as Allen & Gledhill, which said it submitted its feedback on behalf of nine financial institutions, all three local carriers–M1, StarHub, and Singtel–consulting firms such as PricewaterhouseCoopers Risk Services and KPMG, and tech vendors such as Amazon Web Services, FireEye, Microsoft, and Palo Alto Networks, reported the ZDNet site.
Amongst the feedback were requests for a clearer definition of systems that were deemed to be part of CIIs, which CSA said would exclude computer systems “in the supply chain supporting the operation of a CII’. As such, third-party contractors would not be considered CII owners.
In addition, reservations were expressed with regards to the licensing of cybersecurity service providers, which some said would impact the development of the local industry.
Slated to be introduced in parliament early-2018, the Cybersecurity Bill was first unveiled in July this year and touted as a necessary step to enable the relevant authorities to take proactive measures to protect local critical information infrastructures (CIIs) and swiftly respond to threats and incidents.
It listed 11 sectors considered to own CIIs, including water, healthcare, government, maritime, energy, and aviation.