Singapore's Cybersecurity Agency will conduct a review of the Cybersecurity Act to better reflect today's fast-changing digital economy. There will be a public consultation in early 2023 to solicit views from the wider community.
In addition, the Cybersecurity Code of Practice, applicable to 11 critical information infrastructure (CII) sectors, will also be updated to better deal with new and emerging threats such as ransomware and domain-specific risks such as 5G. Such CII sectors are: Aviation, Banking & Finance, Energy, Government, Healthcare, Infocommunications, Land Transport, Maritime, Media, Security & Emergency Services and Water. Examples of the enhancements include:
a. Adopting a threat-based approach to identify threat actors’ common tactics and techniques used in a cyber-attack lifecycle; and
b. Allowing the flexibility to add domain-specific practices, e.g. use of 5G technologies, on an ad-hoc basis to the relevant CII sectors and/or specific CII Owners to implement.
CII owners' feedback will be taken into consideration and the enhanced code issued in the second quarter of 2022.