In light of multiple recent studies showing how often Asian companies face cyberattacks and how unprepared they are, both Singapore and China are taking steps towards passing comprehensive cybersecurity legislation.
Singapore is set to introduce cybersecurity legislation that puts the onus on critical information infrastructure owners and operators to take responsibility for securing their own systems and networks and requires them to participate in cybersecurity exercises, Yaacob Ibrahim, minister for communications and information, said at a Financial Times Security Summit.
The new law will create standards for incident reporting, audits and risk assessment, and will also facilitate cybersecurity information sharing.
The Standing Committee of the National People’s Congress of China held the third reading of its Cybersecurity Law draft. The third reading is typically the final reading, suggesting that it could be implemented soon, although the government could also move slowly, so it’s unclear when it will be finalized. The official Chinese government news agency Xinhua, reported that congress had proposed passing the third reading at its current meeting Nov. 7.
The congress’ website says that “key information sectors”—generally industries that could jeopardize national security if attacked—would be subject to data localization requirements and security protection measures. These include public communication, energy, finance and water resource, among others.
Western technology companies have been especially critical of the privacy implications of many of the powers the bill would give the government.
To keep up with the constantly evolving world of privacy and security sign up for the Bloomberg BNA Privacy and Security Update.
Notify me when updates are available (No standing order will be created).
Put me on standing order
Notify me when new releases are available (no standing order will be created)