Skip to navigationSkip to content

The country with the world’s best cybersecurity is planning a new law to license hackers

Clothes are hung for drying outside public housing estate flats built by the HDB at a residential area in Singapore
Reuters/Nicky Loh
Everything in its right place.
  • Joon Ian Wong
By Joon Ian Wong

Technology Reporter

Published This article is more than 2 years old.

Hackers in Singapore are going legit: The government may soon require them to get a license.

As part of a draft bill that will make sweeping changes to Singapore’s national cybersecurity regime, already rated the world’s best by the International Telecommunication Union (ITU), hackers who conduct investigative work such as penetration testing—probing systems for holes in their security—will be required to obtain a license. The same goes for specialists conducting forensics work.

Such work is routinely carried out by vendors for clients like banks and telcos to ensure their systems are secure. Companies and individuals carrying out such work must be licensed by the government. Hacking without a license is punishable by two years’ jail and up to S$50,000 ($36,000) in fines. The licensing proposal is in line with the country’s reputation for extreme orderliness.

Global Cybersecurity Index 2017
Highest ranked countries
1. Singapore
2. USA
3. Malaysia
4. Oman
5. Estonia
6. Mauritius
7. Australia
8. Georgia
8. France
9. Canada
10. Russia
Source: ITU Global Cybersecurity Index

Singapore’s hacking license would be a departure from the current global practice of self-certification. Hackers employed to check system security can currently obtain the “certified ethical hacker” certificate issued by the International Council of Electronic Commerce Consultants, a trade body based in the United States. In the United Kingdom, hacking by the government was recently legalized under the euphemism “equipment interference.”

Singapore’s national cybersecurity agency, created two years ago, cited recent global attacks like the Wannacry and Petya ransomware outbreaks as “stark reminders” of the country’s vulnerability to online threats. The proposed legislation is meant to put the country on a “pro-active” footing in dealing with cyber threats. The island-nation’s leadership position in global cybersecurity means its proposed laws could be a model for other countries.

Hackers better start studying up.

📬 Kick off each morning with coffee and the Daily Brief (BYO coffee).

By providing your email, you agree to the Quartz Privacy Policy.