IN 2016, CyberSecurity Malaysia (CSM) reportedly detected attempts of intrusions in several local servers some of which belong to Malaysia’s Critical National Information Infrastructure (CNII) — government agencies, financial institutions and universities.
It means that Malaysia could not hide from malicious acts in the cyber domain, and moreover, Malaysia has been listed as among the main countries susceptible to cyber threats, according to a study by International Telecommunications Union (ITU).
In response to growing trends of securing critical infrastructure, Malaysia has gradually shielded its CNII with more systematic protection in multiple ways, which are in tandem with the National Cyber Security Policy (NCSP).
First, as part of the government’s initiative to bolster cyber defence, the National Security Council (NSC), in collaboration with CSM, organised the annual coordinated simulation exercise, X-Maya, to assess the cyber security emergency readiness and preparedness of CNII agencies against cyber attacks.
This year’s exercise also witnessed the utilisation of the National Cyber Coordination and Command Centre (NC4), a national level state-of-the-art cyber security centre devoted to confronting cyber threats and crises. The exercise also highlighted the importance of communication between agencies to ensure effective measures are taken against the cyber threats.
Second, in keeping with the government’s consistent reinvention of its cybersecurity programme, Deputy Prime Minister Datuk Seri Dr Ahmad Zahid Hamidi, had, in June, announced that the government will endeavour to introduce a new legislation, the Cybersecurity Act 2017. The new legislation would empower the National Cybersecurity Agency (NCSA) to act as the “mother agency” coordinating all efforts against cyber threats faced by the country. Employing NCSA would complement the role of the NSC as the highest security agency in the country.
The new legislation could positively address legal measures on managing common forms of cyber attacks and not just be limited to content-related offences. This far-reaching legislation would address the illegality of malicious acts in cyberspace with proportionate penalties.
Arguably, the legislation is essential to deal with the multifaceted nature of the increasingly sophisticated cyber threats that are not just content-related. In addition, given the dynamics of cyber threats, it may increase the risk of conflict with national security priorities, such as censorship, surveillance and other probable measures over computer networks, which could supersede civil liberties of its perpetrators.
Incidentally, most governments in the world face the complexities of balancing the different aspects of state security risks.
Third, earlier this year, Defence Minister Datuk Seri Hishammuddin Hussein announced the establishment of the Armed Forces’ Cyber Defence Operation Centre (ATM CDOC), which will be under the purview of Defence Intelligence Staff Division (DISD). ATM CDOC is entrusted with monitoring, preventing, controlling and analysing cyber threats, with primary functions of securing the national defence system.
Currently, ATM CDOC operates incognito, and it was promoted by our defence minister as the most advanced cyber operation centre among Asean countries.
Fourth, the government has elevated efforts in securing the cyber domain at international and regional levels by participating in various processes. This includes the inaugural Asean Ministerial Conference on Cybersecurity (AMCC) in Singapore last year.
The AMCC highlights extensive compromise between Asean member states, as an agreement was reached on the value of developing a set of practical cybersecurity norms of behaviour in the Asean region to ensure a secure and resilient cyberspace.
Discussion at the regional level is important as it is also intended to improve regional understanding of cyberspace, from finding common lexicon to setting the norms. It is important because routine misperception of the word “cyber” is one of many reasons why most countries do not have a common framework to discuss cyberspace.
Furthermore, the outcome of those processes could lead to a comparative study of approaches of states in the region and ultimately, yield a better sense of shared priorities and divergences among the states. Cyber threats are a serious impediment to bolster and achieve a safer cyber environment.
As Malaysia is on the cusp of transforming into a truly digital landscape, it is imperative to address the recurring cyber anomalies. Thus, it is fallacious to dismiss the government’s effort in improving the effectiveness of cyber security in Malaysia because ultimately, it warrants trusted systems and strategies that necessitate staunch cyber security practices.
While acknowledging the recent ITU’s Global Cybersecurity Index, which ranked Malaysia as third most committed country in the world in strengthening cyber capabilities, more can and should be done.
This article first appeared in The New Straits Times on 13 September 2017