PKI in Malaysia: Securing online trust an issue

On its part, Malaysia has passed legislation under its Digital Signature Act 1997 that provides legal recognition of digital signatures, giving them the same force of law as handwritten signatures.

Also, a company must be licensed by the Office of the Controller of Certification Authorities to operate as a Certification Authority (CA) in Malaysia. The Office was established within the Ministry of Energy, Communications and Multimedia to serve as a regulatory body. It issues licences to CAs and establishes cross-certification policies with foreign CAs or PKIs.

Subsequently, the Digital Signature Regulations 1998 came into force to cover licence applications and the auditing of CAs.

Malaysia Post, MIMOS and GITN formed the first CA, known as Digicert, in 1998, before MSC, an affiliate of Verisign Inc, was registered in 1999 as the second CA.

Using a combination of direct and Registration Authority-based approaches for authentication and distribution of digital certificates, Digicert issued about 40,000 certificates in its first financial year.

Expanding its reach, Digicert recently appointed KKIP Communications Sdn Bhd as its first Registration Authority (RA) in the state of Sabah. KKIP acts as a statewide Internet Service Provider (ISP) and Application Service Provider (ASP) to the Sabah Government via Sabah.Net and is Digicert's sixth RA in Malaysia.

In a related development, the National ICT Security and Emergency Response Centre (NISER) will begin an accreditation program to produce qualified information and communications technology (ICT) security consultants in Malaysia.

Its director, Major Husin Jazri, said the centre will be working with the US-based ICT security body System Administration and Network Security (SANS) to provide technical training and security certification courses for local ICT professionals.

Under the collaboration, NISER will initially host the courses in Malaysia while SANS will provide training material, instructors and certification examinations. Over time, according to Husin, NISER will conduct some SANS courses using locally qualified trainers drawn from the initial batch of participants.

Based on NISER statistics, from August 1997 to March this year, Malaysia experienced 1,713 ICT security cases, with an average of 400 cases per year. Security threats in the Government were the highest in 2000, with a total of 27 cases of abuse, followed by the private sector with 19 cases.

With security abuses this rampant, ensuring trust among online users, specifically in high-value online business transactions, will be a burning issue for the country to solve.