Page:Cybersecurity Act 2018.pdf/31

32 exercising the powers under this section or section 20, as the case may be.

Powers to investigate and prevent serious cybersecurity incidents, etc.

20.—(1) Where the Commissioner receives information regarding a cybersecurity threat or incident which satisfies the severity threshold in subsection (3), the Commissioner may exercise, or may authorise the Deputy Commissioner, an Assistant Commissioner, a cybersecurity officer or an authorised officer to exercise, such of the powers mentioned in subsection (2) as are necessary to investigate the cybersecurity threat or incident, for the purpose of—
 * (a) assessing the impact or potential impact of the cybersecurity threat or incident;
 * (b) eliminating the cybersecurity threat or otherwise preventing any or further harm arising from the cybersecurity incident; or
 * (c) preventing a further cybersecurity incident.

(2) The powers mentioned in subsection (1) are the following:
 * (a) any power mentioned in section 19(2)(a), (b), (c) or (d);
 * (b) direct, by written notice, any person to carry out such remedial measures, or to cease carrying on such activities, as may be specified to the person, in relation to a computer or computer system that the incident response officer has reasonable cause to suspect is or was affected by the cybersecurity incident, in order to minimise cybersecurity vulnerabilities in the computer or computer system;

Examples
 * Examples of remedial measures include—
 * (a) the removal of malicious software from the computer;
 * (b) the installation of software updates to address cybersecurity vulnerabilities;
 * (c) temporarily disconnecting infected computers from a computer network until paragraph (a) or (b) is carried out; and