The Cyber Security Agency of Singapore (CSA) has worked closely with Sector Leads to identify the Critical Information Infrastructure (CII) supporting the provision of essential services across 11 critical sectors.

The critical sectors are Energy, Water, Banking & Finance, Healthcare, Transport (which includes Land, Maritime, and Aviation), Government, Infocomm, Media, and Security & Emergency Services. The list of essential services in these sectors are published in the First Schedule of the Act.

Under Section 7 of the Act, CII refers to specific computers and computer systems that are explicitly designated by the Commissioner of Cybersecurity. It is not the case that firms and sectors will be considered as CII.

The list of CII and CII owners will be finalised, before CSA and Sector Leads implement the Cybersecurity Act in the second half of 2018. The list of CII and CII owners are secret for national security reasons.