Singapore's government is considering labeling data centers and clouds as "critical infrastructure."
As part of an amendment to its 2018 Cybersecurity Bill, Singapore is considering extending oversight to cloud service providers and data center operators. A decision is due to be made by 15 January, 2024.
The Cybersecurity Agency of Singapore (CSA) currently lists energy, water, banking and finance, healthcare, land transport, maritime, aviation, government, infocomm, media, and security and emergency services as "critical infrastructure" but the amendment would see digital infrastructure added to the list.
The umbrella of digital infrastructure would include both cloud computing services in and out of Singapore provided it's deemed "necessary for the continuous delivery of an essential service, and the loss or compromise of the computer or computer system will have a debilitating effect on the availability of the essential service in Singapore," and data center facility services in the city-state.
This would require cloud and data center providers to similarly meet requirements of continuous delivery of service and protecting their systems from compromise. In the event of cyberattacks, providers will have to report them within two hours.
The CSA commissioner David Koh will also be able to submit requests from the operators such as audits, or requests for information, to which operators must comply.
In addition to the cloud and data center providers, groups working with the Singaporean government on critical data and systems may also be held to the same standards, as well as temporary systems used for high-profile events.
If the amendment is approved, failure to comply would result in penalties and fines.
The decision to look into the additional regulation for data centers and cloud providers shortly follows a major outage at an Equinix data center that brought DBS and Citibank's banking services offline. Estimates suggest that the outage caused around 2.5 million failed transactions.