Parliament passes amendments to Computer Misuse Act

SINGAPORE: Parliament has passed amendments to the Computer Misuse Act.

The changes provide the government with greater ability to work with stakeholders to take timely actions against cyber threats to Singapore’s Critical Information Infrastructure (CII).

These are systems necessary in delivering essential services to the public in key sectors such as healthcare and transportation.

The Act was last amended in 2003 to strengthen Singapore’s defence against cyber attacks.

Speaking in parliament, Second Minister for Home Affairs and Trade and Industry S Iswaran said the cyber threats of today are highly sophisticated and malicious, so the legislative framework must keep pace with the nature of the evolving cyber threat.

"I want to assure the House that these enhanced powers which come with safeguards will be used judiciously, the powers will be invoked to avert threats that may endanger our national security, essential services, defence or the foreign relations of Singapore," said Mr Iswaran.

One key amendment is to allow the Home Affairs Minister to issue a certificate to authorise a person or an organisation to take measures necessary to prevent, detect or counter cyber attacks.

The certificate could require a person or entity to provide technical information relating to the "design, configuration, operation and security of computers, computer programmes or computer services".

Mr Iswaran said: "The minister will issue a certificate only after careful consideration of the implications and after being satisfied that the measures are practical and reasonable. These measures will make our CII more robust and resilient to the growing cyber threats we face."

Non—compliance with the Minister’s directions is also a criminal offence.

Offenders can be fined up to S$50,000 or jailed for no more than 10 years or both. The Amendment Bill also seeks to rename the Act as the Computer Misuse and Cybersecurity Act.

Other Members of Parliament (MPs) expressed concerns that the Act’s powers may be too broad.

Christopher de Souza, MP for Holland—Bukit Timah Group Representation Constituency (GRC) commented: "It might be beneficial, it might be prudent, both for the public, as well as the government, to explain what threshold must be met, or what factors will play in the minds of the Ministry of Home Affairs, before the power to issue directions, is exercised."

Hri Kumar, MP for Bishan—Toa Payoh GRC suggested: "Would it not be possible to institute periodic reviews by a separate panel to ensure that such powers have been properly exercised and information gathered properly used or archived and in the appropriate cases, destroyed. These reviews may be held in camera to strike a balance between accountability and confidentiality, and they will promote confidence in the system."

Mr Iswaran answered: "Section 15(a) circumscribes the use of the powers to situations where there is threat to the national security, essential services, defence or foreign services of Singapore. So the Minister is constrained by the language of Section 15 (a) when acting. The decision is not unfettered.

"In addition, there is a robust process of procedural safeguards to ensure that these powers are properly exercised. A consultation process will be undertaken with the affected CII stakeholders where practicable. The government will undertake periodic internal reviews on the actions taken, so that the measures can be calibrated, or recalibrated as needed in future. We don’t intend to have an external review panel as suggested by Mr Hri Kumar, given the sensitivity and nature of the content."

— CNA/xq