SINGAPORE – Singapore is mulling over a new law to hold cloud services and data centre operators to greater accountability, recognising that any failure of their infrastructure could disrupt Singapore’s economy and society.

       The Digital Infrastructure Act (DIA) comes on the back of recent outages in the banking and healthcare sectors that MPs said have dented public confidence.

       “The DIA will focus on digital infrastructure that can cause significant impact on the economy and society, if disrupted,” Minister for Communications and Information Josephine Teo told Parliament on March 1.

       She said that cloud service players and data centres power a wide array of digital services that enterprises and consumers use daily. These include online banking and payments, e-government services, ride-hailing and digital identity management.

       “These operators may, therefore, need to meet higher security and resilience standards to reduce the likelihood of systemic disruptions,” Mrs Teo said during the debate on her ministry’s budget.

       For instance, on Oct 14, 2023, more than 2.5 million payment and ATM transactions could not be completed by DBS Bank and Citibank customers.

       The disruptions were caused by a fault in the cooling system of an Equinix data centre used by the two banks.

       Catch up on the news that everyone’s talking about

       Thank you!

       Sign up

       By signing up, I accept SPH Media's Terms & Conditions and Privacy Policy as amended from time to time.

       Yes, I would also like to receive SPH Media Group's SPH Media Limited, its related corporations and affiliates as well as their agents and authorised service providers.

       marketing and promotions.

       While the disaster recovery and contingency plans of both banks kicked in, their services were fully restored only in the early hours of Oct 15.

       Also, on Nov 1, 2023, the websites of major public hospitals, polyclinics and healthcare clusters in Singapore crashed for seven hours.

       Ms Tin Pei Ling (MacPherson) said that the disruptions affected the public’s trust in digital services and urged that minimum standards be put in place.

       Mr Christopher de Souza (Holland-Bukit Timah GRC) also said that risks must be properly allocated to the right commercial entities to incentivise risk management.

       Meanwhile, Ms Jessica Tan (East Coast GRC) and Mr Xie Yao Quan (Jurong GRC) asked how Singapore could bolster the security and resilience of its infrastructure.

       Mrs Teo replied that an inter-agency task force led by the Ministry of Communications and Information is drafting the scope of the DIA, which will complement upcoming amendments to the six-year-old Cybersecurity Act.

       The Cybersecurity (Amendment) Bill, to be tabled in Parliament next week, seeks to compel digital infrastructure and service providers to report cyber attacks within hours or comply with specified safety standards.

       Failing to do so may result in penalties.

       Remote video URL

       “While enhancing our cyber-security posture is important, it is not enough. Past outages in Singapore and elsewhere have shown that disruptions can occur due to non-cyber causes,” said Mrs Teo.

       Thus, the DIA aims to address a broader set of resilience risks faced by digital infrastructure and service providers, including misconfigurations in cloud architecture and outages caused by fires, water leakages and cooling system failures, said Mrs Teo.

       The Cybersecurity (Amendment) Bill and DIA borrow concepts from similar legislations in the European Union, Germany and Australia that require major outages and cyber incidents to be reported to the authorities, among other obligations.

       Players that could come under both legislations in Singapore include data centre operators Equinix and Microsoft, as well as cloud service providers Google and Amazon Web Services.

       More On This Topic

       Our data problems are getting harder to ignore

       ‘I carried around my piggy bank’: Amid DBS, Citibank service outage, cash is king

       Mrs Teo said the cross-border nature of cloud service providers, as well as the trade-offs between mitigating risks and compliance costs need to be considered.

       “While we cannot fully eliminate disruptions, we will do more to minimise their occurrence,” she said.

       “We will continue to consult industry players and relevant stakeholders, and ensure coherence in requirements between the DIA and the Cybersecurity Act.”

       Outages are not unique to Singapore. In April 2023, a fire in a Global Switch data centre in Paris brought down Google Cloud services in Europe for weeks for some customers.

       A cooling system water pump failure reportedly caused water to leak into the battery room, which sparked the fire. Several French government websites and services, including the Lyon airport website, went offline.

       In June 2023, an outage at Amazon Web Services left the websites of The Boston Globe, the New York Metropolitan Transportation Authority and Southwest Airlines, among others, inaccessible for hours.

       Cloud downtime can cost business users US$100,000 (S$134,650) an hour, according to New York-based insurance company Parametrix Solutions.

       More On This Topic

       MAS suspends DBS from new business ventures, reducing branch and ATM networks over disruptions

       Disruptions to critical services highlight urgent need to dig deep into digital vulnerabilities

       Unlock unlimited access to ST exclusive content, insights and analyses

       ST One Digital - Annual

       $9.90 $4.95 /month

       Get offer

       $59.40 for the first year and $118.80 per year thereafter.

       ST One Digital - Monthly

       29.90 $9.90 /month

       Subscribe today

       No lock-in contract

       Unlock more knowledge, unlock more benefits

       New feature: Stay up to date on important topics and follow your favourite writers with myST All subscriber-only content on ST app and straitstimes.com Easy access any time via ST app on one mobile device

       Join ST's WhatsApp Channel and get the latest news and must-reads.

       Committee of Supply 2024 Cyber security Disruption E-banking Budget 2024 Singapore Parliament

       Facebook Telegram More Whatsapp Linkedin Twitter FB Messenger Email Print Purchase Article Copy permalink https://str.sg/Hbgf

       Read this subscriber-only article for free!

       Just sign up for a free account and log in to continue reading.

       New law mooted to minimise digital service disruptions due to cloud, data centre outages

       Sign up

       Already have an account? Log in.

       All done! This article is now fully available for you

       New law mooted to minimise digital service disruptions due to cloud, data centre outages

       Read now

       Please verify your e-mail to read this subscriber-only article in full

       New law mooted to minimise digital service disruptions due to cloud, data centre outages

       Resend verification e-mail

       The gift link for this subscriber-only article has expired.

       Get unlimited access to all stories at $0.99/month for the first 3 months.

       Subscribe now

       You have reached your limit of subscriber-only articles this month.

       Get unlimited access to all stories at $0.99/month for the first 3 months.

       Subscribe now

       Read and win!

       Read 3 articles and stand to win rewards

       Let's go! Terms & conditions apply

       Frequently asked questions

       Good job, you've read 3 articles today!

       Spin the wheel now

       Let's go! Terms & conditions apply

       Frequently asked questions