Why It Matters

True cost of cyber security

Some call it the Big Brother Bill - for understandable reasons. Singapore's Cyber Security Bill, released on Monday for public consultation, seeks to take precedence over existing banking secrecy and general privacy rules that forbid the sharing of confidential information.

For instance, if a proposed Commissioner of Cyber Security orders an investigation into a suspected cyber attack, organisations must surrender any information requested.

The commissioner will have wide powers to get hold of data not just from owners of critical information infrastructure (CII), but also from other system owners.

Failure to share the required information or comply with any orders from the commissioner can lead to a fine or jail term.

CII refers to any system that relates to 11 essential services, including banking, telecommunications, transport, healthcare and energy.

The breadth of the Bill may be staggering, but lawyer Gilbert Leong, a senior partner at Dentons Rodyk & Davidson, explains why it has to be. "An attack in one sector may well have a domino effect on other sectors that are seemingly far removed from that sector under attack," said Mr Leong.

And attacks have been getting more rampant. In April, hackers broke into the networks of the National University of Singapore and Nanyang Technological University, presumably to steal government-related data. Both institutions are involved in government-linked projects for the defence, foreign affairs and transport sectors.

Just two months earlier, the personal data of 850 national servicemen and Defence Ministry staff was also stolen.

While businesses wonder about the cost of compliance and Big Brother having seemingly unfettered access to data, information is increasingly under siege. The public consultation should generate a lively debate about this.

A version of this article appeared in the print edition of The Straits Times on July 14, 2017, with the headline 'True cost of cyber security'. Print Edition | Subscribe