Page:Cybersecurity Act 2018.pdf/33

34 :(g) take a copy of, or extracts from, any electronic record or computer program contained in a computer that the incident response officer has reasonable cause to suspect is or was affected by the cybersecurity incident;
 * (h) subject to subsection (5), with the consent of the owner, take possession of any computer or other equipment for the purpose of carrying out further examination or analysis.

(3) A cybersecurity threat or incident satisfies the severity threshold mentioned in subsection (1) if—
 * (a) it creates a risk of significant harm being caused to a critical information infrastructure;
 * (b) it creates a risk of disruption to the provision of an essential service;
 * (c) it creates a threat to the national security, defence, foreign relations, economy, public health, public safety or public order of Singapore; or
 * (d) the cybersecurity threat or incident is of a severe nature, in terms of the severity of the harm that may be caused to persons in Singapore or the number of computers or value of the information put at risk, whether or not the computers or computer systems put at risk are themselves critical information infrastructure.

(4) An incident response officer exercising the power mentioned in subsection (2)(e) may require any assistance the incident response officer needs to gain such access from—
 * (a) any person whom the incident response officer reasonably suspects uses or has used the computer or computer system; or
 * (b) any person having charge of, or who is otherwise concerned with the operation of, such computer or computer system.

(5) Where the owner of the computer or other equipment does not consent to the exercise of the power mentioned in subsection (2)(h), the power may be exercised if the Commissioner is satisfied that—