The Cybersecurity Act deals with cybersecurity, and only extends to computers which are located wholly or partly in Singapore.

The Singapore Police Force and the Ministry of Home Affairs are empowered under the Computer Misuse and Cybersecurity Act (CMCA) to investigate and prosecute perpetrators of cybercrime.

Cross-border cyber-attacks and cybercrime are increasingly common. Hence, the CMCA was amended in April 2017 to allow the Police to pursue investigations into several CMCA offences that are committed from overseas, if such offences are deemed to cause, or to create a high risk of serious harm to Singapore.

With these legislative changes, Police are now able to initiate investigations against cybercriminals located overseas, by collaborating with their foreign counterparts to provide and share evidence of such cases. Where possible, Police will work towards extraditing these offenders to Singapore, and prosecuting them in Singapore courts.

Cross-border enforcement of cybercrime is challenging. The scope of extraterritorial jurisdiction in the CMCA has been very tightly scoped, to ensure that Police resources are not over-committed to pursue crimes that have limited or no impact on Singapore.

Some countries may provide for extraterritorial powers in their cybersecurity or cybercrime legislation, to enforce cybersecurity measures or to allow for the prosecution of overseas cyber-attackers.

However, enforcement of domestic laws beyond the local jurisdiction remains a challenge. Instead, the Cyber Security Agency of Singapore (CSA) would work closely with our foreign counterparts, such as through information sharing arrangements, to facilitate cybersecurity investigations.