As with other jurisdictions in the Asia-Pacific region and around the world, Singapore has a number of statutes that apply to criminal misuse of computers and computer-related technology such as the Internet. Today, lets have a glance at the Singapore cyber security laws and regulations.
The Computer Misuse Act (the CMA) is Singapore’s fundamental legislative body that deals with matter related to cybercrimes. It was introduced in 1993. From the years since, the government has taken much stringent actions on Internet-related matters, including censorship. The Singapore cyber attacks in 2013 was a major incident which got the government's attention towards the growing cyber crimes and its dire consequences. Following the 2013 Singapore cyberattacks, the Computer Misuse Act was renamed to Computer Misuse and Cybersecurity Act.
A Glance at Singapore Cyber Security Laws
Before we go in depth of the Singapore cyber security laws and regulations, lets have a look at the past cyber attacks of Singapore.
The 2013 Singapore cyber attacks were a series of hack attacks initiated by the hacktivist organisation Anonymous, represented by a member known by the online handle "The Messiah". The cyber attacks were partly in response to web censorship regulations in the country, specifically on news outlets. On 12 November 2013, James Raj was charged in Singapore court as the alleged "The Messiah".
Singapore’s CMA offense provisions
Singapore’s Computer Misuse Act (the CMA) has a number of offence provisions that apply both to unauthorised and authorised uses of computers. In this post, we will concentrate only on the unauthorized access to computer material & what is the penalty that a criminal has to bear -
1. Unauthorised access to computer material
Offense: Any person who knowingly causes a computer to perform any function for the purpose of securing access without authority to any program or data held in any computer shall be guilty of an offence.
Penalty: 1. He shall be liable on conviction to a fine not exceeding $5,000 or to imprisonment for a term not exceeding 2 years or to both. In the case of a second or subsequent conviction, to a fine not exceeding $10,000 or to imprisonment for a term not exceeding 3 years or to both.
2. If any damage is caused as a result of an offence under this section then criminal shall be liable to a fine not exceeding $50,000 or to imprisonment for a term not exceeding 7 years or to both.
2. Access with intent to commit or facilitate commission of offence
Offense: Any person who causes a computer to perform any function for the purpose of securing access to any program or data held in any computer with intent to commit an offence to which this section applies shall be guilty of an offence.
Penalty: 1. This section shall apply to an offence involving property, fraud, dishonesty or which causes bodily harm and which is punishable on conviction with imprisonment for a term of not less than 2 years.
2. Any person guilty of an offence under this section shall be liable on conviction to a fine not exceeding $50,000 or to imprisonment for a term not exceeding 10 years or to both.
The near future of Singapore Cyber security laws and regulations
Mr David Koh is the current chief executive (CE) of the Singapore’s Cyber Security Agency and is well-versed in the intricacies of online security. Mr Koh raised his concern on the lack of awareness about cyber security amongst Singaporeans and considers this as the prime reason for increasing cyber crimes. To combat the instances of cyber crimes, he along with the security agency has formulated a plan to strengthen the cyber security in the coming years. Let’s take a look at what the road ahead looks like:
1.Increasing the size of their security staff with broad range of skillsets
The roadmap for the CSA team is to achieve initial operating capacity by 2016 and full capacity a year later. Their target is to double the size of their current staff and are looking to fill a “broad range of skillsets” ranging operations management and outreach to IT and cybersecurity professionals with specific expertise.
2. Possible legislative changes being considered
The priority of the CSA team is to ensure organizations report breaches in a timely fashion, which most of these organizations are reluctant to do as it may affect their reputation and possibly divulge sensitive information to their competitors.
3. Cybersecurity to work with the Smart Nation Programme to realise a safer cyber security ecosystem
Mr Koh is reportedly working very closely with the Smart Nation Programme Office (SNPO) to realise Singapore’s Smart Nation vision. He said, “Cybersecurity should be seen as an enabler, and is the key plank on which the Smart Nation will be built on.”
In a recent attempt to bolster cyber security in Singapore, the government implemented the Personal Data Protection Act (PDPA) that mandates organizations to tell customers what data is collected and what is it used for. To quote, PDPA states that, “Inform the individuals on the purposes for collection, use and disclosure of their personal data during collection.” The revised PDPA helps establish a transparent communication between businesses & users to help people take an informed decision before they download the app.
The government is working to introduce new Singapore cyber security laws and update the existing ones to ensure greater security from crimes. However Mr Koh acknowledged the conundrum, saying it is “close to impossible to secure everything, 100 %, all of the time”. A better security requires efforts from companies as well to be proactive about security and implement security best practices in their usual work process.