Singapore’s Cybersecurity Act 2018: A New Generation Standard for Critical Information Infrastructure Protection

  • E. GorianEmail author
Conference paper
Part of the Smart Innovation, Systems and Technologies book series (SIST, volume 138)


National mechanisms of critical information infrastructure (CII) protection differ depending on the information assets, authorities’ powers, methods of regulation, etc. Singapore implements the state-driven approach for CII protection that is balanced and calibrated in order to harmonize the efficient powers of authorities with the burdens imposed on IT industry parties. Singapore’s Cybersecurity Act 2018 (CSA) establishes a solid and precise framework for the CII protection specifying three core aspects: constant cooperation of public authorities and private sector in envisaging a CII system; broad authorities for prevention, management and response to cybersecurity threats and incidents in Singapore, and compulsory licensing of cybersecurity services. It emphasizes compliance with promulgated codes of practice and expresses designation of CII and cybersecurity threats. The distinctive feature of the act is its significant reduction of the compliance burden on cybersecurity professionals and CII owners. As for the CII protection it’s important that computer systems in the supply chain supporting the operation of a CII (i.e. data centre owners and cloud services operators) will not be designated as CIIs. Thus the CSA illustrates the narrow approach of law makers in envisaging its jurisdiction – it implies just CII owners and not any network operators. Singapore is a first jurisdiction in South-East region that has developed its cybersecurity legislation to impose requirements on certain businesses to implement protections against cybersecurity risks into their computer systems.


Cybersecurity Critical information infrastructure CII protection Jurisdiction 


  1. 1.
    Buldyrev, S.V., Parshani, R., Paul, G., Stanley, H.E., Havlin, S.: Catastrophic cascade of failures in interdependent networks. Nature 464(7291), 1025–1028 (2010)CrossRefGoogle Scholar
  2. 2.
    Matania, E., Yoffe, L., Goldstein, T.: Structuring the national cyber defence: in evolution towards a Central Cyber Authority. J. Cyber Policy 2(1), 16–25 (2017)CrossRefGoogle Scholar
  3. 3.
    Farrand, B., Carrapico, H.: Blurring public and private: cybersecurity in the age of regulatory capitalism. In: Security Privatization: How Non-Security-Related Private Businesses Shape Security Governance, pp. 197–217. Springer International Publishing AG, Basel (2018)Google Scholar
  4. 4.
    Sarri, A., Moulinos, K.: Stocktaking, Analysis and Recommendations on the Protection of CIIs. European Union Agency for Network and Information Security (ENISA), Heraklion (2015)Google Scholar
  5. 5.
    Häyhtiö, M., Zaerens, K.: A comprehensive assessment model for critical infrastructure protection. Manag. Prod. Eng. Rev. 8(4), 42–53 (2017)Google Scholar
  6. 6.
    Bobro, D.: Methodological aspects of critical infrastructure protection (2018). Research Gate Homepage. Accessed 21 May 2018
  7. 7.
    Council Directive 2008/114/EC of 8 December 2008 on the identification and designation of European Critical Infrastructures and the assessment of the need to improve their protection. Official J. L, 345(23), 12 (2008)Google Scholar
  8. 8.
    Green Paper on a European Programme for Critical Infrastructure Protection. COM 576 final (2005)Google Scholar
  9. 9.
    Mattioli, R., Levy-Bencheton, C.: Methodologies for the identification of critical information infrastructure assets and services: guidelines for charting electronic data communication networks. European Union Agency for Network and Information Security (ENISA), Heraklion (2014)Google Scholar
  10. 10.
    Wun, R., Tan, M.: Cybersecurity in Singapore and China (2018). Lexology Homepage. Accessed 21 May 2018
  11. 11.
    Singapore’s Cybersecurity Strategy. Cyber Security Agency of Singapore, Singapore (2016)Google Scholar
  12. 12.
    Cybersecurity Act: Cyber Security Agency of Singapore, Singapore (2018)Google Scholar
  13. 13.
    Singapore’s New Cybersecurity Act - A Relief and Leading the Way for Others? BakerMcKenzie Homepage. Accessed 21 May 2018
  14. 14.
    Hashim, H.M., Sokolova, E., Derevianko, O., Solovev, D.B.: Cooling load calculations. In: IOP Conference Series: Materials Science and Engineering, vol. 463, Part 2, Paper № 032030 (2018). Scholar

Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  1. 1.Vladivostok State University of Economics and ServiceVladivostokRussian Federation

Personalised recommendations