Singapore’s highly digitalised economy and society places heavy reliance on digital infrastructure and services. A recent spate of cyber outages and incidents in the banking and healthcare sectors[1][2] has caused disruptions in the delivery of digital services and negatively affected public confidence. The Taskforce was therefore formed on 4 January 2024 with the aim of maintaining public faith and assurance in digital infrastructure and services in Singapore, by proposing measures and guidelines to mitigate cybersecurity risks and enhance resiliency standards.
One new measure, which was announced on 1 March 2024, is the new DIA, which addresses a broad range of resilience risks faced by digital infrastructure and service providers. By holding these providers accountable and requiring them to comply with safety standards, the DIA aims to mitigate the risks of such service disruptions that could have profound economic and societal impacts.
The DIA is currently still being drafted. The Taskforce plans to draft the DIA with a broader scope than existing regulatory levers such as the Cybersecurity Act 2018 in order to tackle a wider range of risks encountered by digital infrastructure and service providers,[3] such as misconfigurations in cloud architecture and outages caused by fires, water leaks, and cooling system failures.
In drafting the DIA, the Taskforce will consider Singapore’s operating context and also draw inspiration from international developments. For instance, the European Union, Germany and Australia require regulated entities to report significant outages and cyber incidents to the authorities and also adhere to baseline resilience and security standards.[4] It appears likely that the DIA will follow this trend and include similar obligations.
Digital infrastructure and service providers, such as telecommunication service providers, cloud service providers and data centre operators, will be affected by the DIA if it is introduced.[5]
The Taskforce will continue to seek input from industry players and other stakeholders while scoping and developing its proposals for the DIA.[6] Concurrently, the Taskforce is also exploring non-regulatory measures to supplement Singapore’s legal framework, such as offering guidance to digital infrastructure and service providers on the best practices for enhancing resilience and security in order to ensure business continuity.[7]
For more information on the new DIA, please refer to the full press release here.
If you have any questions or would like to discuss any issues, please do not hesitate to contact us.
This article is produced by our Singapore office, Bird & Bird ATMD LLP. It does not constitute legal advice and is intended to provide general information only. Information in this article is accurate as of 6 March 2024.
[1] Websites of all S’pore public hospitals, polyclinics back up after crash lasting 7 hours
[2] 2.5 million transactions affected by recent DBS, Citibank outages; 810,000 login attempts failed
[6] COS 2024: Speech by Minister Josephine Teo (smartnation.gov.sg)