M'sia policy calls for joint security efforts

KUALA Lumpur, Malaysia--As part of its ongoing efforts to combat against cyber security threats, the Malaysian government has developed a policy aimed at ensuring efforts across at least 10 industry sectors are well-coordinated.

According to a senior official, the National Information Security Policy (NISP) addresses the institutional arrangements, cooperation between the public and private sectors, regulatory and legislative issues, and the technology framework.

Fatmah Mahmood, deputy director of the ICT Policy Division at Ministry of Science, Technology, and Innovation, said 10 critical sectors have been identified so far. They include national defense and security; banking and finance; information and communications; energy, water, and transportation; government emergency services, food and agriculture, and health services.

About 80 percent of these industries involve the private sector, Fatmah said. She added that with the mounting online threats, securing the information infrastructures would require substantial effort by everyone, as well as close collaboration between the government and the private sector.

"Malaysia increasingly relies on information networks for the conduct of vital business. These networks are potentially subject to major disruptions from a variety of external sources," she said.

Fatmah added that cyber security ranks high on Malaysia's national agenda due to the increasing number of cyber attacks and security incidents in recent years. For example, 45 Malaysian Web sites have been defaced since the beginning of the year, according to security reports by the Malaysian Computer Emergency Response Team (MyCERT). These include government portals, and most of the recently defaced sites were posted with messages of "hatred and dissatisfaction" against the Malaysian government, she noted.

Statistics compiled by the National ICT Security and Emergency Response Centre (Niser) also showed that hundreds of Malaysian Web sites came under attack last year.

Fatmah pointed out that the unavailability of computer resources, breach of confidentiality, and loss of data integrity affect the image of the country. Such incidents also add to the "loss of confidence and credibility in our financial systems", she said.

According to her, there is a four-phase roadmap for the implementation of the NISP. The first two phases-- information gathering and analysis, and formulation of information security vision--have already been completed. The third and fourth phases involve the development of the info security policy, followed by the charting of the roadmap and action plan for policy implementation.

"We do expect to have the NISP ready by year-end, and this will be followed by implementation throughout the nation," said Fatmah.

Besides Mimos, which is the lead agency for the NISP, consulting companies KPMG and Jagat Consulting are also involved in drafting the policy.

Cordelia Lee is a freelance IT journalist based in Malaysia.