Hackers in Singapore are going legit: The government may soon require them to get a license.
As part of a draft bill that will make sweeping changes to Singapore’s national cybersecurity regime, already rated the world’s best by the International Telecommunication Union (ITU), hackers who conduct investigative work such as penetration testing—probing systems for holes in their security—will be required to obtain a license. The same goes for specialists conducting forensics work.
Such work is routinely carried out by vendors for clients like banks and telcos to ensure their systems are secure. Companies and individuals carrying out such work must be licensed by the government. Hacking without a license is punishable by two years’ jail and up to S$50,000 ($36,000) in fines. The licensing proposal is in line with the country’s reputation for extreme orderliness.
Singapore’s hacking license would be a departure from the current global practice of self-certification. Hackers employed to check system security can currently obtain the “certified ethical hacker” certificate issued by the International Council of Electronic Commerce Consultants, a trade body based in the United States. In the United Kingdom, hacking by the government was recently legalized under the euphemism “equipment interference.”
Singapore’s national cybersecurity agency, created two years ago, cited recent global attacks like the Wannacry and Petya ransomware outbreaks as “stark reminders” of the country’s vulnerability to online threats. The proposed legislation is meant to put the country on a “pro-active” footing in dealing with cyber threats. The island-nation’s leadership position in global cybersecurity means its proposed laws could be a model for other countries.
Hackers better start studying up.