Malaysian security hub to open soon
CYBERJAYA, MALAYSIA--The country's National Security Centre (NSC), aimed at monitoring and tracking cyber security threats, is expected to be up and running by year-end, according to industry regulator Malaysian Communications and Multimedia Commission (MCMC).
Mohd Ali Hanafiah, senior director for the MCMC's content and network security division, said the center will be housed within its premises and is designed to track malicious Internet traffic on the Web.
The information collated will then be used to create a security threat information database that will be disseminated to all local Internet Service Providers (ISPs), Ali said Tuesday, during a media briefing at the F-Secure seminar held here this week.
"The first phase, to be completed in December, will see the NSC connecting to seven ISPs, starting with larger players such as TM Net, Jaring and TIME dotCom," he said "Our goal is to [eventually] connect all 17 local ISPs to the NSC so they will be able to share information with each other, and respond faster to cyber threats."
The establishment of the NSC is part of MCMC's Framework for Industry Development (FID), and is aimed at ensuring information security and the integrity and reliability of Malaysia's networks. The FID is a five-year plan to develop Malaysia's communications and multimedia sector.
Work on the security center started in 2006, when the industry regulator appointed a consultant to assess the process of setting one up.
Asked how much investment went into the NSC, Ali said: "Phase one will cost between 3 million ringgit (US$855,300) and 4 million ringgit (US$1.14 million)." However, he declined to reveal how much subsequent phases would cost.
Shamsul Jafni Shafie, director of security, trust and governance at MCMC, said the NSC is patterned after Singapore's Cyber-Watch Centre and the Korea Information Security Agency (Kisa).
Shamsul explained: "Our task is not to duplicate the security monitoring process our ISPs already have in place, but to complement them by providing information on cyber security threats.
"Currently, there is no concerted effort to track all malicious software coming into all the nation's networks," he noted. "As such, one ISP may not be aware of the threats which another ISP has discovered. The NSC will hopefully help to solve this [problem] as we plan to share all relevant information amongst all the ISPs."
According to Shamsul, the NSC will not duplicate the security monitoring work currently carried out by the National ICT Security and Emergency Response Centre (Niser)--since renamed CyberSecurity Malaysia--or the Malaysian Computer Emergency Response Team (MyCERT).
He explained that both Niser and MyCERT do not monitor the activities of ISPs, and are not under the purview of the MCMC.
Managed by the industry regulator, the NSC will have its own in-house expertise and will focus specifically on security threats that ISPs face, Shamsul said.
He added that the NSC will only monitor and analyze Internet traffic for malicious activity, and will not censor material on the Internet.
"We are committed to the non-censorship of the Internet as promised by the Multimedia Super Corridor (MSC) Bill of Guarantee," he said. The Bill comprises various conditions the Malaysian government has pledged to observe in order to ensure the Internet will not be censored.
"What we want is to promote a culture of information sharing amongst all the ISPs, in a bid to combat the increasing number of threats facing us today," Shamsul said.
Edwin Yapp is a freelance IT writer based in Malaysia.