Thanks to the watchful guardians who tirelessly defend our nation against digital threats.
In Malaysia, there is currently no single regulatory authority dedicated to cyber security. Instead, cyber security is dealt with by various law enforcement agencies, regulators, government departments, and statutory bodies.
Join us as we explore the roles of these unsung heroes who safeguard the virtual borders of our country.
CyberSecurity Malaysia (CSM) operates as Malaysia’s dedicated agency for cyber security, falling under the jurisdiction of the Ministry of Communications and Digital (KKD).
CSM was initially established as NISER (National ICT Security and Emergency Response Centre) on January 24, 1998. It marked the first significant step in addressing national information security concerns.
Over time, as the government granted NISER additional responsibilities in implementing the National Cyber Security Policy (NCSP), it underwent a name change to CyberSecurity Malaysia to better signify its expanded roles.
With a primary objective of bolstering Malaysia’s self-reliance in cyberspace, CSM is committed to providing a diverse array of cyber security services and programmes, including:
In the array of services offered, those falling under Cyber Security Responsive Services hold particular relevance in our daily lives, and the Malaysia Computer Emergency Response Team (MyCERT) is one of its integral components.
MyCERT operates the Cyber999 Help Centre which serves as a crucial platform for Malaysian internet users to report various computer security incidents. These incidents include cyber harassment, malware, intrusion, hack attempts, and other breaches in information security.
Notably, CSM and its subsidiaries do not operate as law enforcement agencies and lack the authority to impose penalties or fines on offenders. The primary responsibility for law enforcement lies with the police.
Nevertheless, CSM and its subsidiaries do play an active role in preventive and restorative measures concerning cyber security. They collaborate with law enforcement agencies, leveraging CSM’s specialised expertise to fulfil their respective roles.
The National Cyber Security Agency (NACSA) serves as Malaysia’s central hub for cyber security affairs under the National Security Council. Apart from its regulatory mandates, NACSA does not possess enforcement powers to penalise offenders.
Established in February 2017 to bolster our national cyber security ecosystem, NACSA coordinates top experts and resources in the field to execute the following job scopes:
Develop and implement national cyber security policies
Protect the networks, systems and data of the government and Critical National Information Infrastructures (CNII) agencies
Spearhead cyber security awareness, acculturation and capacity-building programmes
Foster constructive regional and global networks among entities with shared interests in cyber security
One of the notable responsibilities among these job scopes is the protection of Critical National Information Infrastructures (CNII) agencies.
As the name suggests, CNII agencies operate in Malaysia’s critical sectors. Specifically, the term refers to the 10 sectors below:
Defence and security
Banking and finance
Information and communications
Food and agriculture
Typically, malicious cyber activities target a nation’s vital pillars. Hence, CNII agencies will mostly be the prime targets for cyber threats in Malaysia.
Because breaching these digital fortresses can profoundly impact our country’s operations, this is where NACSA steps in. NACSA implements proactive measures to safeguard CNII agencies’ networks, systems, and data whilst enhancing interagency coordination to combat cybercrimes.
However, given the critical and highly interdependent nature of CNII agencies, it is crucial for these entities to take proactive steps in fortifying their systems rather than relying solely on NACSA and other relevant authorities.
At VeecoTech, we offer comprehensive cyber security assessments. While addressing vulnerabilities across various platforms, including web applications, mobile apps, systems, and networks, we also evaluate your business’s adherence to industry best practices and standards.
We know that the journey of combating cyber threats demands continuous effort. Hence, we provide thorough assessment reports upon completion of the assessments to empower you in strengthening your systems for the future.
The Personal Data Protection Department (PDPD) was established under the purview of the Ministry of Communications and Multimedia (KKMM) on May 16, 2011.
This department plays a vital role in safeguarding individuals’ personal data, especially in commercial transactions, and in ensuring compliance with the stipulations of the Personal Data Protection Act 2010 (PDPA).
Key functions of the PDPD include:
Overseeing matters related to consumer data registration and user forums to ensure their alignment with PDPA.
Promoting programme policies and activities for a positive image of PDPD through strategic planning.
Providing technical support and advisory assistance for ICT implementation to PDPD’s personal data protection personnel.
Handling administrative and financial matters for PDPD.
In the enforcement of PDPA, this department is mandated to register all Data Users, and also to address and investigate complaints related to PDPA violations.
Additionally, the PDPD collaborates with the Attorney General’s Chambers of Malaysia (AGC) to prosecute data users who breach the PDPA.
The establishment of the Special Cyber Court marks a crucial step in addressing the escalating threat of cybercrime in Malaysia.
Launched on September 1, 2016, at the Kuala Lumpur court complex, the cyber court aspires to equip the legal system with adequate resources to address various cybercrime offences, including:
Sedition and harassment
Theft of online information
Operating as an e-court, the Special Cyber Court is equipped with essential tools to manage evidence in cybercrime cases. It has specialised judges for cybercrime and computer-related civil matters, all undergoing mandatory training for essential IT knowledge and skills.
Given the prevalence of cybercrime in our country, the government plans to establish Special Cyber Courts in other states too. The project will commence in Selangor and Johor, with plans to extend the coverage to all remaining states in the coming years.
Malaysian Communications and Multimedia Commission (MCMC)
In addition to its primary functions, MCMC also plays a crucial role in technical regulation. Under sections 96, 184, and 185 of the CMA, MCMC is entrusted with the development and enforcement of various voluntary technical codes.
These codes serve to standardise the technical aspects of the industry, whilst fostering collaboration among diverse communication and multimedia networks in the country.
Moreover, the Malaysian government has initiated the adoption and certification of CNII agencies (the critical sectors in Malaysia), both in the public and private domains, to adhere to the ISO 27001 standard.
MCMC itself also holds the responsibility of ensuring proper enforcement and accurate reporting on the implementation of this standard. In the future, these initiatives will extend to non-CNII sectors.
Now we come to the exciting part: our Cyber Maturity Pre-Assessment features the ISO 27001 framework! This assessment will evaluate your organisation’s compliance with industry best practices and standards, with a specific focus on the ISO 27001 framework.
To further strengthen the digital defences of CNII and non-CNII sectors, we also provide Vulnerability Assessment and Penetration Test services.
Sector-specific Authorities (Finance)
Next, we’ll delve into two authorities dedicated to addressing cyber security issues within the financial sector.
It’s important to highlight that failure to adhere to the guidelines issued by these authorities may subject an organisation to regulatory sanctions.
These may range from warnings, public or private reprimands, orders to rectify non-compliance, monetary penalties, to even imprisonment.
In instances of severe non-compliance, legal proceedings may be initiated by these authorities against the organisation.
To ensure effective data and IT security measures for banks and financial institutions, this guideline mandates these financial entities to pursue MS ISO/IEC 27001 certification for critical systems like payment and settlement systems.
Moreover, BNM possesses the authority to enforce sanctions, encompassing criminal, civil, and administrative actions. These measures include:
Issuance of warning letters
Joint raids with other authorities
Pursuit of legal action in the courts
Imposition of financial penalties and imprisonment sentences
These enforcement powers are derived from various legislations, including but not limited to the Financial Services Act 2013 (FSA), the Islamic Financial Services Act 2013, and the Money Services Business Act 2011.
Securities Commission Malaysia (SC) is a self-funded statutory body that directly reports to the Minister of Finance. Established on 1 March 1993 under the Securities Commission Act 1993 (SCA), SC is tasked with regulating and developing the Malaysian capital market.
The main responsibilities of SC are shown below:
Rule-making and enforcing regulations in the capital market
Supervising capital market activities and institutions
Regulating entities and persons licensed under the Capital Markets and Services Act 2007
Registering authority for prospectuses
Approving corporate bond issues
Regulating unit trust schemes, securities and futures contracts
Regulating takeovers and mergers of companies
Licensing and supervising all licensed persons
Supervising exchanges, clearing houses, and central depositories
Aside from this, SC has also issued the Guidelines on Management of Cyber Risk. This guideline explicitly outlines the roles and responsibilities of the board of directors and management of capital market entities in governing cyber risk.
The guideline also encompasses the policies and procedures that should be implemented to address cyber risks, as well as measures for the prevention, detection, and recovery from a cyber breach.
While SC does not extensively regulate cyber security, this guideline may provide valuable insights into the ways to mitigate cyber risks for the relevant authorities.
Notably, SC is endowed with civil, criminal, and administrative enforcement powers under the Capital Markets and Services Act 2007 (CMSA), the Securities Commission Act 1993 (SCA), and the Securities Industry (Central Depositories) Act 1991.
While these authorities set the rules and regulations to establish a baseline for cyber security, cyber security assessments bring a proactive twist to securing our businesses online.
These assessments enable businesses to find out their specific vulnerabilities, risks, and how well they follow industry best practices.
After all, it’s a collaborative effort to create a safer digital space.
Ready to fortify your systems? VeecoTech is here for you, providing top-notch cyber security solutions. Reach out to us today!
What distinguishes CyberSecurity Malaysia (CSM) from the National Cyber Security Agency (NACSA) in terms of their cyber security roles?
CSM and NACSA play distinct yet complementary roles.
CSM is primarily focused on providing proactive and reactive cyber security services and conducting research, aiming to actively safeguard the nation’s digital infrastructure.
In contrast, NACSA is a national-level agency with a strategic focus on formulating and coordinating policies and strategies to enhance Malaysia’s cyber security resilience.
What are the key responsibilities of the Personal Data Protection Department (PDPD) in Malaysia?
PDPD is tasked with protecting individuals’ personal data, especially in commercial transactions, and with ensuring compliance with the stipulations of the Personal Data Protection Act 2010 (PDPA).
How does the Cyber Court handle cyber-related legal matters in Malaysia?
The Cyber Court specialises in addressing legal issues related to cybercrimes, providing a dedicated platform for prosecuting and adjudicating cyber offences.
What role does the Malaysian Communications and Multimedia Commission (MCMC) play in cyber security?
MCMC oversees the communications and multimedia industry while ensuring its alignment with the national policy objectives.
It also develops and enforces voluntary codes related to technical regulation for enhanced cyber security in our country.
How do the functions of Bank Negara Malaysia (BNM) and Securities Commission Malaysia (SC) differ in dealing with cyber security issues?
BNM primarily regulates the financial sector, with a focus on banks. Its role in cyber security involves formulating policies and strategies to safeguard critical systems like payment and settlement systems.
SC, on the other hand, oversees the capital market, implementing measures to strengthen cyber security within this sector to ensure market integrity and protect investors.
Yun Ning is a creative marketer with a love for content writing. She discovers joy in researching and transforming researched information into easily understandable words. Outside of work, she indulges in movies and cooking.