MALAYSIA CYBER SECURITY STRATEGY 2020-2024

Part 1 (INTRODUCTION) Malaysia Cyber Security Strategy 2020-2024

📕 This document consist of 91 pages written about country Cyber Security Strategy, vision and mission plus steps will be taken to enhance cyber security environment in Malaysia.

🎯 I aim to break down into summary of all the parts in it and these include the 5 strategy pillars. The summary of introduction :

✅ Broadband connectivity has become a necessity for businesses, services and citizens of Malaysia to succeed and be relevant in the Fourth Industrial Revolution (Industry 4.0).

✅ Vision can be achieved by fortifying local capabilities to predict, detect, deter and respond to cyber threats by strengthening our cyber security governance, nurturing competent people, supporting best practice processes and deploying effective technologies.

✅ In 2018 there are 28.7 million Internet users in Malaysia which represent 87.4% of the population. Such astounding figures illustrates our growing dependency and connectedness to cyberspace.

✅ Malaysia recognises cyber security as a national priority. This has led to the formulation of the National Cyber Security Policy (NCSP) in 2006. It developed to address the risks to the Critical National Information Infrastructure (CNII), which are made up of 10 sectors namely: National Defence and Security; Banking and Finance; Information and Communications; Energy; Transportation; Water; Health Services; Government; Emergency Services; and Food and Agriculture.

✅ The creation of the National Cyber Security Agency (NACSA) in Malaysia highlights the increasing significance of cyber-related matters for the country's national security. NACSA is a specialized agency responsible for supervising all national cyber security operations, operating under the National Security Council (NSC).

✅ The Attorney General's Chambers (AGC) is leading a review of Malaysia's laws to strengthen the current legislative and regulatory framework for combatting cybercrime. This includes ongoing amendments to specific laws, with collaboration between the AGC, law enforcement agencies, and other relevant government bodies.

✅ A national policy and procedure for managing cyber crises in Malaysia has been developed, aiming to handle cyber attacks and incidents proactively through a coordinated approach at the national level. This initiative is guided by the National Security Council's Directive No 24, which outlines the strategy for cyber crisis mitigation and response through collaboration between public and private sectors. The directive includes six main principles: a national cyber crisis management structure, national cyber-threat levels, a Computer Emergency Response Team (CERT), cyber security protection mechanisms, response, communication and coordination procedures, and a readiness programme.

✅ The National Cyber Coordination and Command Centre (NC4) has been established by the government to address cyber threats and crises at the national level. Operating under the NACSA, the NC4 serves as a central coordination and command facility responsible for managing cyber security across the country. It handles strategic and tactical functions related to cyber threat mitigation, preparedness, and response at the national level.

✅ Malaysia has also implemented the initiative to ensure the adoption and certification of the CNII agencies (public and private) to the MS ISO/IEC 27001: Information Security Management Systems standard and other related certifications. This initiative is to ensure the CNII agencies and organisations have the necessary information security protection in place and are in compliance with the standard.

✅ Over the past decade, an important cyber security initiative called the National Cyber Crisis Exercise, also known as X-Maya, has been conducted. This exercise aims to evaluate the efficiency of procedures developed under the National Cyber Crisis Management Plan (NCCMP) and assess the readiness of critical national infrastructure agencies in dealing with cyber-attacks.

✅ Malaysia has also been actively creating awareness and capacity building programmes.  Under this Master Plan, four (4) main target groups, (kids, youth, adults/parents and organisations), were identified for specific cyber security awareness programmes and initiatives.

✅ To tackle the shortage of skilled cyber security professionals, a comprehensive capacity building plan will be established, building upon existing initiatives with added emphasis. The plan will begin by integrating cyber security into school curricula, followed by specialized skill development at higher education institutions. Additionally, training and skills development schemes will be implemented for both experts and non-experts in the public and private sectors.

In conclusion, cyber threats are persistent, and the risk of large-scale targeted cyberattacks will always be present as long as everything remains interconnected. While these threats cannot be completely eliminated, they can be reduced through mitigation efforts. To achieve this, it is essential for everyone to take responsibility and collaborate in enhancing Malaysia's overall cyber security readiness, capacity, and capabilities. Working together is key to effectively countering cyber threats.