Cybersecurity Law has Strengthened China's Regulatory Regime in Protecting Cyberspace Sovereignty and Tightening the Control over National Security Issues
The report covers the study of policies/guidelines issued by the regulatory bodies or cybersecurity agencies of two countries in the Asia-Pacific region. The two countries covered in this issue are Singapore and China. The objective of this study is to identify the impact of these policies on the cybersecurity industry in the two countries, based on an observation of what deems to be a significant policy/guideline provided by government authorities.
The report includes interpretation services and highlights of areas which may impact the country of study. Growth opportunities and a call to action are provided to highlight the areas of growth driven by the newly introduced policies or guidelines. In January 2018, the Cyber Security Agency of Singapore (CSA) released the Cybersecurity Bill. The main areas highlighted in the notification include the holistic approach it takes in applying the bill to all Critical Information Infrastructures (CIIs), addressing the Commissioner's powers in investigating cybersecurity incidents, the need for CIIs to carry out regular risk assessments and audit, the need for cybersecurity service providers to be licensed, and the various penalties that apply for any failure to comply.
The Cybersecurity Bill in Singapore poses some challenges for CIIs as they may not have the expertise to ensure adherence to the Bill. As such, business opportunities arise for the cybersecurity industry, especially for the service providers and educational institutes as they provide services to CIIs to help them fill the gaps for ensuring compliance with the Bill.
In June 2017, a fundamental law in cybersecurity came into effect in China. The implementation of the Cybersecurity Law has strengthened China's regulatory regime in protecting cyberspace sovereignty and tightening the control over national security issues. The new law requires network operators and critical information infrastructure (CII) operators to comply with the stated security obligations. The law not only lays emphasis on data security, but also stresses the protection of individual information.
Key Issues Addressed
- How will the policy/guideline provided by the government authorities impact the cybersecurity industry in the two countries in question?
- What is the implication of the policy/guideline for the industry stakeholders?
- What are the highlights of areas that may impact the country of study?
- Which industries will be affected by the issued policy/guideline?
- What are the growth opportunities entailed by the issued policy/guideline?
- What are the notable activities from cybersecurity authorities in the countries being discussed?
