Professional Documents
Culture Documents
MalaysiaCyberSecurityStrategy2020-2024
MalaysiaCyberSecurityStrategy2020-2024
CONTENTS
INTRODUCTION 4
CYBER SECURITY LANDSCAPE & ECOSYSTEM 14
ISSUES & CHALLENGES 20
STRATEGIC PILLARS 28
PILLAR 1 30 PILLAR 4 62
Effective Governance Enhancing
and Management Capacity &
Capability Building,
PILLAR 2 Awareness and
Strengthening 44 Education
Legislative Framework
and Enforcement PILLAR 5 74
Strengthening
PILLAR 3 Global
Catalysing World 54 Collaboration
Class Innovation,
Technology, R&D and
Industry
CONCLUSION 84
ABBREVIATIONS 88
4 Malaysia Cyber Security Strategy 2020-2024
INTRODUCTION
security controls over vital assets, of the laws of Malaysia with a view
as well as to ensure that the CNII to enhance the existing legislative
sectors are protected to a level and regulatory framework used
that commensurate with the risks to combat cybercrime. The
faced. amendments to certain laws are
now in progress, where the AGC
The establishment of the National collaborates with law enforcement
Cyber Security Agency (NACSA) agencies and other relevant
further reaffirmed the growing government bodies.
importance of cyber issues to
Malaysia’s national security. Furthermore, a national policy
NACSA is a dedicated agency that and procedure in managing
oversees all national cyber security cyber crises has been formulated
functions formed under the aegis to ensure that cyber attacks
of the National Security Council and cyber incidents are being
(NSC). NACSA was established managed proactively through
as a response to the dynamic a coordinated approach at the
nature, increasing sophistication, national level. This initiative is
global nature and heighten socio- closely guided by the National
economic impact of cyber security Security Council’s Directive
threats. It serves as the lead No 24: Policy and Mechanism
agency that integrates the existing of the National Cyber Crisis
cyber security capabilities. This Management, an executive
includes combating cybercrime directive that outlines the
in a strategic and coordinated nation’s strategy for ‘cyber crisis
manner in partnership with mitigation and response’ through
the private sector and other public and private collaboration
governments. and coordination. There are six
(6) main principles under this
The efforts are ongoing to directive namely national cyber
assess the current legislative crisis management structure;
framework for cybercrime issues national cyber-threat levels;
and cases. In order to adapt to Computer Emergency Response
the ever-changing landscape of Team (CERT); cyber security
cyberspace, existing laws need protection mechanisms; response,
to be enhanced to effectively communication and coordination
address the legal challenges procedures; and a readiness
in taking action against cyber programme.
criminals. The Attorney General’s
Chambers (AGC) led the review
Malaysia Cyber Security Strategy 2020-2024 7
The government has also established
the National Cyber Coordination and
Command Centre (NC4), a centre that
deals with cyber threats and crises at the
national level. The NC4 was developed
under the purview of the NACSA as a
central coordination and command facility
responsible for managing cyber security
at the national level, including mitigation,
preparedness and response functions at a
strategic and tactical level. It is connected
to the entire main cyber security-operating
centre (SOC) in Malaysia namely MCMC
Network Security Centre, Government
Integrated Telecommunications Network
(GITN) SOC, Cyber Defence Operation
Centre (CDOC) and Cybersecurity Malaysia
SOC. It has the ability to determine the
national cyber security threat level and
assess the impact of the threats to the
country.
NATIONAL CYBER
DRILL EXERCISE
X-Maya is a National Cyber Crisis Exercise, a large scale cyber-attack
simulation on Critical National Information Infrastructure
Objectives
• To exercise the workability, identify the gaps and further
improve the National Cyber Security Response, 2008 2009
10 28
Communication & Coordination Procedure
96 100
of internal incident handling procedure within CNII
agencies /organisations
Malaysia cyberspace is
secured, trusted
and resilient, fostering
economic prosperity and
citizens’ well-being
200
0
January
February
March
April
May
June
July
August
September
October
November
December
2018 Total Case :
10,742 2019 Total Case :
11,875
Estimated Loss :
RM397,944,265 Estimated Loss :
RM497, 719, 498
SOURCE: Royal Malaysian Police
NC4 reporting reveals that cyber intrusions at 2,076 and 1,270 cases,
security incidents are increasing respectively. However, in 2019 the
since 2016 to 2018. In 2018, a total number of incidents reported
total of 5,627 cyber security to NC4 has shown a significant
incidents were reported to the decreased to 3,787 cases
NC4 compared to 2,981 in 2017 compared to 2018. This reflects
and 2,429 a year before that. the effectiveness of proactive
Malicious software infections top measures that has been put in
the rest with 2,244 cases, followed place to secure our cyberspace.
by intrusion attempts and actual
Malware Hosting 0 0 15 6
Potential Attacks 26 57 3 60
There are also concerns about One of the main reasons for the
the increasing number of content- establishment of NACSA was to
related issues in Malaysian coordinate and complement all
cyberspace. While these incidents efforts on cyber security to make
are relatively still small in number, sure that all aspects are given
the impact on the nation is not. due attention. While focusing on
Given the speedy and widespread cyber security policy, governance
nature of the Internet as a medium and coordination matters, NACSA
of delivery, the effects of content- will also be administering other
related issues are potentially areas of concern, which will be
more detrimental and damaging. mandated to specialised agencies.
For this reason, Internet-based
contents, in the form of fake news, Efforts concerning other
misinformation, contents that are target areas, namely the CNII,
seditious and slanderous in nature, cybercrime, awareness, capacity
or with racial or religious overtones, building and international
are taken very seriously by the cooperation will be delegated to
Malaysia Cyber Security Strategy 2020-2024 17
18 Malaysia Cyber Security Strategy 2020-2024
No of cases
6000 5,956
5000 2019
3000
3,325
2000
1,708
500 45 103
63 26 146
2 119
57 377 3
30
0
419 Scam
Personal Data
E-Commerce Fraud
Intellectual Property
Infringement
Breaches
Obscene, indecent,
offensive content
Fraud
(Nigerian Scam)
Materials
(Online Purchase)
E-Financial Fraud
false, menacing or
Telecommunication
STRATEGIC
PILLARS
Malaysia Cyber Security Strategy outlines our key objectives,
categorised into five strategic Pillars that will govern all
aspects of cyber security planning and implementation in
Malaysia until 2024. The Strategy is focused on the three
overriding success factors for interrelated and interdependent
organisational change, namely People, Process and
Technology.
Effective
Governance
and Management
This Pillar aims to achieve the clearly defining the roles and
ability to defend our networks, responsibilities of all parties within
data and systems from cyber the ecosystem. This can be
threats and subsequently respond accomplished by reviewing the
to threats effectively in a well- current roles and responsibilities
coordinated and concerted held by the existing cyber security
manner. Equally imperative is stakeholders in Malaysia.
the ability to predict and detect,
investigate and disrupt hostile Recognising the critical and
actions against the government, highly interdependent nature of
businesses and citizens of Malaysia. CNII organisations from both the
To achieve this, the government government and private sectors
shall play the crucial role of in managing cyber security risks
ensuring that all action plans are and incident responses, the
properly implemented by the government will continue to clarify
intended entities. the roles and responsibilities of
the respective organisations as
In order to enhance the national technologies evolve to ensure
cyber security governance the CNII are protected to a level
framework, we will strengthen that commensurates with the risks
governance structures by faced.
Malaysia Cyber Security Strategy 2020-2024 33
Best practices
Standards compliance
STRATEGY
1 Enhancing National Cyber Security Governance
and Ecosystem
STRATEGY
2 Improving Organisation Management and Business
Operation (Government, CNII and Business)
STRATEGY
3 Strengthening Cyber Security Incident Management and
Active Cyber Defence
Policy
Governance
Coordination
Cybercrime
Information Exchange &
Collaboration Platform Academia &
Researchers
Awareness & Education
International
Utilisation of Capacity Building Partners
Experts
& Resources
International Cooperation
NATIONAL CYBER
WORKFORCE
2
STRENGTHENING
LEGISLATIVE FRAMEWORK
AND ENFORCEMENT
44 Malaysia Cyber Security Strategy 2020-2024
Strengthening
Legislative
Framework
and Enforcement
Communications and
Consumer Protection Act 1999
Multimedia Act 1998
Anti-Money Laundering,
Anti-Terrorism Financing and Proceeds Film Censorship Act 2002
of Unlawful Activities Act 2001
SUMMARY
STRATEGY
4 Enhancing Malaysia’s Cyber Laws to
Address Current and Emerging Threats
STRATEGY
5 Enhancing the Capacity and Capability
of Cybercrime Enforcement
Comprehensive
SOP
Adequate
Tools
CYBERCRIME
COORDINATION Expert Groups
CENTRE
3
CATALYSING
WORLD CLASS INNOVATION,
TECHNOLOGY, R&D
AND INDUSTRY
54 Malaysia Cyber Security Strategy 2020-2024
Catalysing
World Class
Innovation,
Technology,
R&D and Industry
To ensure self-reliance and encourage economic growth,
the government plans to spur innovative cyber security
technology research and development (R&D) by local industry
players through the development of the National Cyber
Security Research and Development Roadmap and creating
a conducive domestic environment for innovation and R&D.
The key objective of the Roadmap is to spearhead innovation
in the areas of cyber security, safety and privacy protection.
Malaysia Cyber Security Strategy 2020-2024 55
Towards this end, we will establish two decades. Key areas of R&D
a R&D collaboration platform include:
between the government,
academia and industry with the • Privacy enhancing technology;
objective of generating local • Digital signature;
innovations and scaling-up • Digital identity;
existing cyber security technology • Entity authentication;
solutions. This will not only address • Encryption algorithm; and
current cyber security challenges, • Cyber physical security
but also drive local industry to
compete and thrive at the global Technologies developed have
level. been incorporated into various
systems to provide higher security
MIMOS Berhad is well positioned posture, for example Malaysian
to spearhead this initiative since Health Data Warehouse,
it has been very active and Government Online Services
productive in driving R&D in Cyber Gateway, National Cyber
security, together with partners Coordination and Command
from the academia, industry Centre, and the National Digital ID
and government, for more than Proof-of-Concept.
SUMMARY
STRATEGY
6 Spurring National Cyber Security R&D
Programme
STRATEGY
7 Promoting a Competitive Local Industry and
Technology
• Promote the use of local ICT security products and services and
support the growth and expansion of the local cyber security
industry
R E S E A R C H & D E V E LO P M E N T
ROADMAP
LO C A L I N D U S T R Y D E V E LO P M E N T
Enhancing
Capacity and
Capability
Building,
Awareness and
Education
To meet the challenges of the rapidly changing nature of
cyber threats, the government will develop and implement
a comprehensive National Cyber Security Capacity and
Capability Plan that will determine the areas of expertise
and skill sets that will need to be continuously improved and
enhanced at national, sectoral and organisational levels.
Malaysia Cyber Security Strategy 2020-2024 63
Correspondingly, this Pillar aims to enhance capacity and capability
building, awareness and education through three strategic initiatives,
specifically by:
• CyberSecurity Malaysia in
collaboration with MOE and DiGi
Telecommunications Sdn. Bhd.
runs the CyberSAFE campaign to
nurture positive and responsible
Internet use among ICT users; and
SUMMARY
STRATEGY
8 Enhancing National Cyber Security
Capacity and Capability Building
STRATEGY
9 Enhancing Cyber Security Awareness
STRATEGY
10 Nourishing Cyber Security Knowledge
Through Education
Adequate Tools
& Technology
National Cyber
Security Capacity
& Capability Building
Plan
National Cyber
Security Awareness
Master Plan
Talent
Development
Cyber Security
Education
Develop a comprehensive
plan to build adequate tools
and technology through an
integrated approach
Strengthening
Global
Collaboration
For that reason, this Pillar aims to strengthen global collaboration through
two strategic initiatives specifically by:
Demonstrating
Strengthening Malaysia's
international commitment in
collaboration and promoting a secure,
cooperation stable and peaceful
in cyber security cyberspace to
affairs uphold international
security
76 Malaysia Cyber Security Strategy 2020-2024
Having a comprehensive
plan will only be beneficial if
the government machinery
responsible for implementation is
well equipped with appropriate
skills and knowledge. Hence, the
relevant government agencies will
work together to embed cyber
security as one of the elements in
our diplomatic and international
affairs capacity building
programme. The aim is to ensure
that our diplomats around the
globe have a clear understanding
of key cyber security issues and
knowledge of our national context.
Malaysia Cyber Security Strategy 2020-2024 77
SUMMARY
STRATEGY
11 Strengthening International Collaboration
and Cooperation in Cyber Security Affairs
• To identify and establish formal and informal bilateral cooperation in cyber security
12
Demonstrating Malaysia's Commitment in Promoting
STRATEGY
Secure, Stable and Peaceful Cyberspace to Uphold
International Security
Align domestic
and international
cyber security
efforts
CONCLUSION
ACKNOWLEDGEMENT
In the journey of the development of the Malaysia Cyber Security Strategy
(MCSS), an extensive deliberations, engagements and dialogues with a range
of stakeholders has been carried out to gather inputs, feedbacks and insight
from their point of view. A series of workshops, seminars and conferences has
been conducted which involved government ministries and agencies, CNII
agencies, enforcement agencies, industry, businesses, academia, non-gov-
ernment organisations as well as the public.
ABBREVIATIONS
AGC Attorney General’s Chambers
AI Artificial Intelligence
APCERT Asia-Pacific Computer Emergency Response Team
APEC Asia-Pacific Economic Cooperation
APT Advanced Persistent Threat
ASEAN Association of South East Asian Nations
BYOD Bring Your Own Device
CBMs Confidence Building Measures
CERT Computer Emergency Response Team
CGSO Chief Government Security Office
CMCF Communications and Multimedia Forum of Malaysia
CNII Critical National Information Infrastructure
CSIRT Cyber Security Incident Response Team
FIRST Forum of Incident Response and Security Teams
GFCE Global Forum on Cyber Expertise
ICS Industrial Control System
ICT Information and Communications Technology
IoT Internet of Things
IT Information Technology
MAMPU Malaysian Modernisation and Management Planning Unit
MCMC Malaysian Communications and Multimedia Commission
MCSS Malaysia Cyber Security Strategy
MDEC Malaysia Digital Economy Corporation
MOE Ministry of Education
MOH Ministry of Health
MWFCD Ministry of Women, Family and Community Development
NACSA National Cyber Security Agency
NC4 National Cyber Coordination and Command Centre
NCCEP National Cybercrime Enforcement Plan
NCCMP National Cyber Crisis Management Plan
NCSP National Cyber Security Policy
NSC National Security Council
OIC Organisation of Islamic Cooperation
OT Operational Technology
R&D Research and Development
SEARCCT Southeast Asia Regional Centre for Counter-Terrorism
SOP Standard Operating Procedures
UN United Nations
UNICEF United Nations Children’s Fund
Level LG & G, West Wing
Perdana Putra Building
Federal Government Administrative Centre
62502 Putrajaya
MALAYSIA