Singapore’s Digital Infrastructure Act to Empower Cyber Resilience

In a rapidly evolving digital landscape, the resilience and security of critical information infrastructure (CII) are paramount to ensure the continuous delivery of essential services. Recognising this imperative, Singapore’s Ministry of Communications and Information (MCI) has taken a proactive step by announcing the formation of an inter-agency Taskforce on the Resilience and Security of Digital Infrastructure and Services.

The MCI unveiled plans to study the introduction of a Digital Infrastructure Act (DIA), aimed at bolstering the resilience and security of key digital infrastructure and services. This initiative comes in response to recent disruptions, such as the Equinix data centre outage, which underscored the need to fortify Singapore’s digital ecosystem against various risks, including cyber threats and physical hazards.

The current regulatory framework, primarily governed by the Cybersecurity Act (CS Act), provides a foundation for managing cyber-related risks. However, the scope of the CS Act is limited, and recent incidents have highlighted gaps in addressing broader resilience challenges. The proposed DIA seeks to complement existing regulations by addressing a wider range of risks, including technical misconfigurations and physical incidents like fires or system failures.

Central to the development of the DIA is the identification of critical digital infrastructure components that underpin Singapore’s economy and society. Data centres, cloud services, and platforms facilitating essential services such as banking, transportation, and digital identities are among the key focus areas. By targeting entities with systemic importance, the DIA aims to enhance the overall resilience of Singapore’s digital ecosystem.

The Taskforce is also studying international best practices and regulatory approaches to inform the design of the DIA. Lessons from jurisdictions like the European Union, Germany, and Australia, which have implemented incident reporting requirements and baseline security standards, serve as valuable benchmarks. By aligning with global standards while considering Singapore’s unique operating context, the DIA aims to strike a balance between effective risk management and regulatory compliance.

Crucially, the Taskforce acknowledges that regulation alone is insufficient to address complex resilience challenges. Therefore, alongside regulatory measures, non-regulatory initiatives such as guidance on best practices for resilience and security will be explored. These efforts aim to empower digital infrastructure and service providers to adopt proactive measures for business continuity and risk mitigation.

The Taskforce, led by MCI and comprising members from various government agencies including the Smart Nation Group, Cyber Security Agency of Singapore, Infocomm Media Development Authority, and Government Technology Agency, embodies a collaborative approach to addressing digital resilience and security. Consultation with industry stakeholders and relevant sector agencies ensures that policies and measures are well-informed and aligned with industry needs.

Underpinning the Taskforce’s efforts is a commitment to upholding public trust and confidence in Singapore’s digital infrastructure and services. By continuously reviewing and adapting to the evolving threat landscape, the Taskforce aims to safeguard Singapore’s digital future while fostering innovation and growth.

As Singapore navigates the complexities of a digitalised economy, the introduction of the Digital Infrastructure Act marks a significant step towards enhancing resilience and security in the digital domain. Through a comprehensive approach encompassing regulation, industry collaboration, and innovation, Singapore aims to fortify its position as a trusted digital hub in the global arena.

Singapore is deeply committed to cybersecurity, actively seeking to bolster resilience across sectors in response to evolving digital threats. In light of rising concerns about bank customer scams, OpenGov Asia reported that MAS and government agencies are collaborating with banks to bolster anti-scam measures.

Through initiatives like the Shared Responsibility Framework, financial institutions and telecom companies are tasked with combatting phishing scams, reinforcing consumer protection, and upholding confidence in digital banking systems. This concerted effort reflects a commitment to enhancing cybersecurity and safeguarding against evolving threats in Singapore’s digital landscape.