Technical measures held up by ITU as global best practice
Security part of conversation to prosper in digital economy
ALTHOUGH pleasantly surprised to receive global recognition for its Framework for Security Governance, Toh Swee Hoe (pic)
, chief industry regulation officer for the Malaysian Communications and Multimedia Commission (MCMC
), believes that now is not the time to rest on its laurels.
In fact, he believes that the regulator should be on its toes constantly, as the country needs to ensure that the security governance framework stays robust and relevant, in a landscape that is constantly evolving.
“With Malaysia being the country with the fourth highest percentage of digital natives in the world, it is clear that our lives are increasingly dependant on being online, which in turn means that security has to be part of the conversation if we are to prosper in this digital economy,” he told Digital News Asia (DNA) in an exclusive interview.
"It can destroy confidence if we don’t take care of security and give it the attention it deserves.”
The International Telecommunications Union (ITU) announced in Doha the results of the Global Cybersecurity Index (GCI) on Dec 9. The aim of was to provide a snapshot of where countries stand in their cybersecurity engagements at the national level.
The United States came in first, followed by Canada. Malaysia, Australia and Oman were joint third. Japan, Singapore, Thailand and Indonesia were ranked fifth, sixth, 15th and 13th, respectively.
The GCI looks at a country’s level of commitment in five areas: Legal, technical and organisational measures; as well as capacity-building and cooperation. It was the result of primary and secondary research by both the ITU and ABI Research. The country-level survey, complemented by in-depth qualitative research, was sent out to all ITU member states.
Malaysia’s technical measures were held up by the ITU as an example of a best practice. Toh however was guarded when asked what made Malaysia stand out in this category. “I can’t tell you much as it is sensitive.”
He did share that the MCMC has an overview of all the networks in Malaysia which includes telcos, utilities, energy. This comes under a unit called the Network Security Centre, which swings into action when a network is attacked. MCMC, with its overview, can see what has happened and offer advice and help other CERTs (Computer Emergency Response Teams) to coordinate their defence.
This includes liasing with MyCERT, managed by Cybersecurity Malaysia and G-CERT, which is specifically set up by Mampu (the Malaysian Administrative Modernisation and Management Planning Unit) to handle all government agency needs.
"A breach is always imminent and will happen. Make sure you have procedures in place when something gets attacked so you know how to tackle it to react quickly and nip it in the bud,” he said.
Having said that, the one truth in security is that people will always be the weak link and Toh feels that everyone should be aware that they, on an individual basis, are that weak link in the security chain.
“So don’t say security is someone else’s problem,” he added.
He urged organisations to invest in their people and get them trained. This is because once this is done, organisations will then be able to have a security framework in place and security standards to be adopted.
Toh said that various national-level initiatives that are going on under the cyber security umbrella. For instance, part of Malaysia’s cybersecurity readiness comes from the MCMC leading the Critical National Information Infrastructure (CNII) readiness.
As the regulator of the communications and multimedia industry, MCMC is tasked with ensuring all the CNII entities in the country are certified under MS ISO/IEC 27001:2007 Information Security Management System (ISMS).
These entities report their progress of ISMS implementation to MCMC every quarter, which then reports to the National Cyber Security Coordination Committee and the National Cyber Security Advisory Committee.
Collectively, this and various ongoing national initiatives have propelled Malaysia to being ranked third globally in the ITU’s Global Cybersecurity Index.
Information that was collected for the Global Cybersecurity Index includes laws, regulations, CERTs and CIRTs (Computer Incidence Response Team), policies, national strategies, standards, certifications, professional training, awareness rising and cooperative partnerships.
The day Malaysia painted a bull’s eye on itself
Week in Review: Trust, security and standards, or lack thereof
Cyber-security critical to nation building, sovereignty: Deputy Minister
Singapore announces third cyber-security masterplan
Aware of risks, Malaysians persist with bad online habits: Survey
For more technology news and the latest updates, follow us on Twitter, LinkedIn or Like us on Facebook.