
Worries about new Cyber Security Bill surfaced during public consultation

Concerns about the extent of powers a new Cyber Security Bill would give the Government emerged during a just-concluded public consultation, underscoring the ever-present tension between security and privacy.

The Bill, to be tabled for debate in Parliament next year, will give the commissioner of the Cyber Security Agency (CSA) the powers to order an investigation into a suspected cyber attack. Organisations must then surrender any information requested, and failure to do so can lead to a fine or jail term.

The Bill will take precedence over bank and privacy rules that prohibit data sharing, and banks and telcos will have to report the attack "within hours".

Worries about such rules surfaced during a two-month public consultation, which ended in August, the CSA acknowledged.

But its chief executive David Koh said the perception of sweeping powers from some members of the public was a "misunderstanding".

"The Bill defines the power that CSA has (and limits it) to when there is a cyber security incident. It does not give CSA broad powers to oversee every computer in Singapore," he said, adding that the information requested will mostly be technical in nature.

The CSA said the Bill received generally positive comments.

Overall, the 92 individuals, industry associations and companies that made submissions welcomed the laws, the agency said, adding that they recognised that its job is to ensure that essential services such as power and telecommunications are kept running when hackers strike.

The response was reflected in the relatively minor edits made to the law at the end of the consultation, said the CSA.

The high-level agency in charge of coordinating cyber security efforts nationwide retained most of its proposed rules, making only changes for operational efficiencies after taking in feedback from businesses.

For instance, the designation of a computer as a critical information infrastructure will no longer be an official secret under the Official Secrets Act (OSA).

Mr Harish Pillay, 57, who is on the non-profit Internet Society's board of trustees, had questioned the invocation of the OSA, noting that it was "draconian".

He said: "Security via obscurity is not the way forward."

Mr Pillay, a chief technologist in a tech firm, was also concerned that the CSA's powers to seize computers and information would be too onerous on firms that must follow strict privacy laws in overseas markets.

Cyber attacks have become a growing threat here, claiming victims such as universities and government agencies as well, and battling them has taken on added urgency amid a push to go digital.

Supporters of the Bill, which was first released in July, had described it as bold and praised the fact that it covers both the public and private sectors - recognising that cyber criminals do not respect any such boundaries.
