SINGAPORE Trends and Developments Contributed by: Rajesh Sreenivasan, Steve Tan, Benjamin Cheong and Lionel Tan, Rajah & Tann Singapore LLP
Cybersecurity and Data Protection Our increasing reliance on technology at all lev - els – from personal to commercial to national – has meant that we are ever more at risk of cybersecurity threats. From the apps on our phones to the critical information infrastructure that supports the country’s essential services, each provides an avenue for cyber threats, the consequences of which can potentially be dev - astating. Singapore has made a number of efforts in the past year, both via policy and legislation, to raise its cybersecurity standards and better equip its cybersecurity framework with the tools to deal effectively with emerging threats. Our personal data is also increasingly at risk from cyber threats. This arises from our grow - ing presence in the digital environment and the increasing use of personal data in AI systems. PDPC has thus issued a number of key guide - lines in 2024, aiming to provide more detailed guidance on data protection obligations in the contexts raised above. Updated National Operational Technology Cybersecurity Masterplan Operational technology (“OT”) is integral to the functioning of critical information infrastructure (“CII”) sectors. However, the evolving nature of cyber threats poses significant risks to OT sys - tems and can lead to disruptions to essential services. The updated national “Operational Technology Cybersecurity Masterplan” (“OT Masterplan 2024”) was launched in August 2024. It sets out Singapore’s plans to boost the OT sector’s tech - nical cybersecurity capabilities and competen - cies to manage new cyber threats and enhance stakeholders’ security and resilience.
The main goals of the OT Masterplan 2024 are as follows: • improve OT cybersecurity professional com - petency and pipeline; • enhance information sharing and reporting; • uplift OT cybersecurity resilience beyond CII; and • establish an OT cybersecurity centre of excel - lence and promote Secure-by-Development principles throughout the OT system’s life cycle. Amendments to Cybersecurity Act On 7 May 2024, the Cybersecurity (Amend - ment) Act (“Amendment Act”) was passed in Parliament. The Amendment Act will implement changes to the Cybersecurity Act 2018, which regulates cybersecurity threats and incidents, CII, and cybersecurity service providers. The Amendment Act seeks to keep pace with emerging threat factors and operational practi - calities via specific amendments outlined below. Recognition of new models Updating existing provisions relating to the cybersecurity of CII to recognise new techno - logical and business models in the CII frame - work, such as the use of cloud computing by CII owners and the use of computing vendors for the delivery of services by essential service providers. Systems of Temporary Cybersecurity Concern (STCC) Expanding CSA’s oversight to cover the cyber - security of STCC, which are computer systems where the risk of a cyber-attack is high, and their loss or compromise would have a serious detri - mental effect on the national security, defence,
433 CHAMBERS.COM
Powered by FlippingBook