Lessons and Safeguards from Disruptions Due To Recent Data Centre Outages
Ministry of Home AffairsSpeakers
Summary
This question concerns lessons from recent digital service disruptions and potential regulations to enhance data centre resiliency, as raised by Mr Liang Eng Hwa. Minister for Communications and Information Mrs Josephine Teo explained that Critical Information Infrastructure is already regulated, but the Government is studying how to further strengthen data centres as a broad infrastructure category. These studies include exploring risk-calibrated regulations based on international standards to address the systemic impact of outages on the economy and interconnected systems. She noted that while sector-specific regulators currently impose requirements, the Government is evaluating the need for more foundational interventions across the digital landscape. The Minister emphasized that regulation alone cannot eliminate disruptions, requiring industries to also implement robust measures to ensure the continuity of essential digital services.
Transcript
107 Mr Liang Eng Hwa asked the Minister for Communications and Information (a) what are the lessons learnt from the recent disruptions to the various digital services; and (b) whether the Government will step up regulations to minimise risks of data centre outage and to ensure the resiliency of data centre services in Singapore.
Mrs Josephine Teo: The specifics of the recent outage affecting banking services have been, or will be, addressed in response to related Parliamentary Questions. I will focus on the broader digital infrastructure landscape and the Government’s approach to enhancing its security and resilience.
Where a data centre supports the delivery of essential services or other nationally important systems, we have regulation in place to ensure its security and resilience. For example, the Cyber Security Agency identifies and regulates Critical Information Infrastructure (CII), which can include computer systems situated in a data centre that are necessary for the provision of essential services in sectors, such as the Government, infocomm, and banking and finance. In addition, sector regulators impose requirements on the service providers in their sectors. Major telcos and banks, for instance, are regulated by the Infocomm Media Development Authority and Monetary Authority of Singapore respectively, for security and resilience. Exercises and audits are conducted to identify potential vulnerabilities and ensure the robustness of service providers’ security and resilience measures.
With more of our economic activity moving online and the growing interconnectedness of our systems, the Government recognises the need to further study our reliance on different components of digital infrastructure, the risks and impact of disruptions, and the need for more interventions. For example, data centres may not all host CII systems but collectively provide foundational services for the proper functioning of our economy. Today, most data centre operators already adopt a risk management approach in line with international standards, including the implementation of measures to ensure resilience. The Government is studying whether and how best to strengthen the security and resilience of data centres as a category of digital infrastructure with significant impact. This may include risk-calibrated regulation for data centres, taking reference from international standards and best practices.
However, we must recognise that regulation alone will not fully eliminate the possibility of outages and disruptions. Industries and enterprises must also play their part. To ensure consumer confidence, entities, such as banks, telcos and digital service providers, should take steps to mitigate risks and ensure the continued delivery of important digital services even when outages or disruptions occur.