Smart Technologies and Innovations in Design for Control of Technological Processes and Objects: Economy and Production

National mechanisms of critical information infrastructure (CII) protection differ depending on the information assets, authorities’ powers, methods of regulation, etc. Singapore implements the state-driven approach for CII protection that is balanced and calibrated in order to harmonize the efficient powers of authorities with the burdens imposed on IT industry parties. Singapore’s Cybersecurity Act 2018 (CSA) establishes a solid and precise framework for the CII protection specifying three core aspects: constant cooperation of public authorities and private sector in envisaging a CII system; broad authorities for prevention, management and response to cybersecurity threats and incidents in Singapore, and compulsory licensing of cybersecurity services. It emphasizes compliance with promulgated codes of practice and expresses designation of CII and cybersecurity threats. The distinctive feature of the act is its significant reduction of the compliance burden on cybersecurity professionals and CII owners. As for the CII protection it’s important that computer systems in the supply chain supporting the operation of a CII (i.e. data centre owners and cloud services operators) will not be designated as CIIs. Thus the CSA illustrates the narrow approach of law makers in envisaging its jurisdiction – it implies just CII owners and not any network operators. Singapore is a first jurisdiction in South-East region that has developed its cybersecurity legislation to impose requirements on certain businesses to implement protections against cybersecurity risks into their computer systems.