Malaysia

MALAYSIA’S APPROACH AGAINST CYBER THREATS AND CYBER ATTACKS
Lt Col Mustaffa Ahmad (Retired)
Vice President Outreach and Capacity Building
CyberSecurity Malaysia
Ministry of Science, Technology and Innovation
TYPES OF CYBER THREAT
Technology Related Threats
Hack Threat
Cyber Content Related Threats
Issues
Threat to National Security
Cross-Border Investigation & Evidential Matters
Fraud
Sedition/Defamation
Online Porn
Malicious Code
False / Menacing / Offensive
Denial of Service Attack
Harassment
Hate Speech
Cyber Security Incidents (1997-2014)
Managed more than 57,000 incidents
As of 31st May 2014
Type of incidents:
1. Intrusion
2. Intrusion Attempt
3. Denial of Service Attack (DOS)
4. Fraud
5. Cyber Harassment
6. Spam
7. Content Related
8. Vulnerabilities Report
9. Malicious Codes
[Chart: Number of cyber security incidents referred to CyberSecurity Malaysia (excluding spams), by year, 1997-2014]
Cyber Crimes are on the Rise
- Like other countries, Malaysia is facing cyber security challenges
Internet Mule:
“individuals willingly or unwittingly roped into helping organized computer crooks launder money stolen through online banking fraud”
Since Jan 2012, there have been 6 cases involving 10 Malaysian women
MISUSE OF SOCIAL MEDIA
- threaten national security
2 Jul 2011
- 35,942 rated “like”
- to receive news update from BERSIH 2.0
Copyright © 2011 CyberSecurity Malaysia
“OPERATION MALAYSIA” BY ANONYMOUS IN 2011

Cyber attacks have defaced 210 websites
Emerging Threat
- Cyber Attack on Critical Information Infrastructure
Malaysia’s Critical Information Infrastructure, the backbone of the nation, is dependent on ICT
Government Service
Banking & Finance
Energy
Health Services
Emergency Services
Water
Transportation
Defense & Security
Food & Agriculture
Information & Communication
CURRENT & EMERGING THREATS
- Sophisticated attackers
- Cyber Terrorism
- Organized Criminals
- Cyber War
NATIONAL CYBER SECURITY POLICY
- Is about Strengthening the Nation’s Cyber Defence
VISION
‘Malaysia's Critical National Information Infrastructure
shall be secure, resilient and self-reliant. Infused with a
culture of security, it will promote stability, social well
being and wealth creation’
DEFENCE & SECURITY
HEALTH SERVICES
INFORMATION & COMMUNICATION
TRANSPORTATION
BANKING & FINANCE
EMERGENCY SERVICES
GOVERNMENT
FOOD & AGRICULTURE
ENERGY
WATER
NATIONAL CYBER SECURITY POLICY
Public Private Partnership is managed in a holistic manner, addressing the triad of People – Process – Technology
Thrust 1: Effective Governance
Thrust 2: Legislative & Regulatory Framework
Thrust 3: Cyber Security Technology Framework
Thrust 4: Culture of Security & Capacity Building
Thrust 5: R&D Towards Self Reliance
Thrust 6: Compliance & Enforcement
Thrust 7: Cyber Security Emergency Readiness
Thrust 8: International Cooperation
CyberSecurity
Agenda Malaysia
1997
1998 - 2005
CyberSecurity Malaysia was launched by the Prime Minister of Malaysia on 20 Aug 2007
30 Mar ’07: NISER officially registered as
• National Cyber Security Policy (NCSP) was endorsed by the Cabinet in May 2006.
• CyberSecurity Malaysia
March 2006
- Malaysia’s Cyber Security Centre to administer NCSP
- Referral agency to handle the nation’s e-security
Malaysia’s Initiatives
- Adoption of ISMS Certification
Hardening Critical National Information Infrastructure against cyber attacks
• Policy of adoption and certification MS ISO/IEC 27001:2007 (Information Security Management System – ISMS) by Critical National Information Infrastructure
• the beginning towards a reliable, resilient, and trustworthy Malaysia’s critical information infrastructure
• CNII organizations to get ISMS Certification on their critical systems within 3 years from the beginning of February 2010 (to date, 162 out of 200 registered CNII Organizations have been certified)
• Government and CNII - to ensure critical sectors can adopt ISMS certification within specified time.
Malaysia’s Initiatives
- Enhancing Malaysia’s Laws to accommodate legal challenges in cyber environment
Started in March 2008
Assessment of current legislative framework
Stage 3
Identification of issues and challenges faced in the cyber environment
Stage 2
Stage 1
Recommendation of type of amendments to the law
- Study completed in August 2009
- Under consolidation
Government - Law Enforcement Agency - Attorney General and Legal Consultant(s) worked together to resolve legal issues
Malaysia’s Initiative
- Inter-Agency Cooperation
POLICY
Formulating & Coordinating Policy
NATIONAL SECURITY COUNCIL
• Government Agencies
• Critical Information Infrastructure
• Internet Service Providers
• Industry
• Academia
• Cyber Security Professionals
• Public
LAW ENFORCEMENT AGENCIES & REGULATORS
Preventing & Combating Terrorism through Law Enforcement
• ROYAL MALAYSIAN POLICE
• BANK NEGARA MALAYSIA
• MALAYSIAN COMMUNICATION & MULTIMEDIA COMMISSION
• Others
TECHNICAL SUPPORT
Providing Technical Supports & Services
Malaysia’s Initiatives
- Outreach Programs to Educate the Public
Content Partners: MOSI, KKM, KPWKM, MOE, MOI, MOHE, International CERT Communities, Other industry partners
Content Localization & Packaging
Content Channels: Video clips, Publication, Web, Poster, TV ad, Competition
Target Audience: Children / students, Parents / home users, Organizations
The Mandate
To increase the number of cyber security professionals to cater for the increasing number of internet users in Malaysia
Estimated about 4000 (as of Dec 2014) internationally certified professionals in Malaysia
Target to achieve 14000 security professionals by 2020
www.cyberguru.my
Malaysia’s Initiatives
- Capacity Building
Capacity Building Strategy
- To collaborate with Training Institutions to train the professionals
• A plan to get organizations and individuals towards building a pool of information security professionals
• Include content for skill areas, approach and implementation plan
Associate Business Continuity Professional (ABCP)
Certified Functional Continuity Professional (CFCP)
Certified Business Continuity Vendor (CBCV)
Certified Business Continuity Professional (CBCP)
Certified Information Systems Security Professional (CISSP)
Systems Security Certified Practitioner (SSCP)
251: Certified Information Systems Auditor (CISA)
30: Certified Information Security Manager (CISM)
13: Certified in the Governance of Enterprise IT (CGEIT)
Professional in Critical Infrastructure Protection (PCIP)
Malaysia’s Initiatives
- Building up the nation’s self reliance in cyber space through local ICT products’ certification in cyber security
• IMPROVE QUALITY & COMPETITIVENESS
• INSTILL TRUST IN THE LOCAL PRODUCTS
Public Private Partnership
COMMON CRITERIA (CC)
ISO/IEC 15408 Common Criteria
ISO 9001 Quality Management
Malaysia’s Initiatives
- Public Private Partnership
Malaysia Innovation Model - facilitates Public Private Partnership that aims to meet the nation’s cyber security future needs
Source: National Innovation Model, 2007
Malaysia’s Initiatives
- Incident Handling
X-MAYA ACTIVITIES
• All the activities in X-Maya were conceived in-house by CyberSecurity Malaysia using their experience in coordinating the annual Asia Pacific Computer Emergency Response Team Cyber Exercise (APCERT), together with the experience in operating their Cyber999 Help Centre and Malware Research Centre. This also includes infrastructure and technical support throughout the duration of the exercises.
Exercise X-MAYA 3: Dashboard that shows the level of cyber security threats.
Malaysia’s Initiatives in Incident Handling
Developing a high level of national preparedness for cyber crisis – participation by critical sectors is increasing every year
- Government & critical sectors conducting exercises on how to respond to cyber crisis
Cyber Drill Exercise 5 2013 - 98 agencies
Cyber Drill Exercise 4 2011 - 66 agencies
Cyber Drill Exercise 3 2010 - 34 critical sectors
Cyber Drill Exercise 2 2009 - 28 critical sectors
Cyber Drill Exercise 1 2008 - 10 critical sectors
Malaysia’s Initiatives
Strategic Alliances - to anticipate and mitigate cyber attacks from abroad
Cooperation with 71 countries worldwide and still growing
• Member of Asia Pacific Computer Emergency Response Team (APCERT)
• Chair of Organization of Islamic Conference - Computer Emergency Response Team (OIC-CERT)
- consists of Government’s CERT from 19 OIC countries
- also open to non-Government CERT, non-OIC CERT, professionals and commercial organizations
Conclusion
• Domestic cyber security to adopt both technical and non-technical approaches
• Governments to strengthen Public-Private Partnership
• Commitment in International community to strengthen global cooperation
• Managing the weakest link – cyber security education and capacity building
• Cyber security should be evolutionary to address dynamic nature of cyber threats
- always think ahead
- proactive and responsive in approach
SID 2015 CELEBRATION IN MALAYSIA
Introduction
• Safer Internet Day (SID) (www.saferinternet.org) was first held in 2004, initiated by INSAFE EU.
• SID is celebrated in over 100 countries globally in February of each year to promote Internet safety, nurturing and increasing public awareness on cyber security, especially amongst children and young people across the world so that they become more responsible when using technology and digital gadgets such as smartphones, mobile phones and tablets.
The Theme
This year, SID will be celebrated on 10 February 2015 with the theme:
'Let's Create a Better Internet Together'.
This theme is chosen to focus on the creativity of children and teens during their time online (cyberspace) and also look at the role and responsibilities of organizations and government bodies in creating a cyber environment that is safe and conducive.
SID – The Malaysian Chapter
• In Malaysia, the celebration of SID was first held in 2010, initiated by CyberSecurity Malaysia.
• Each year, various programs and activities related to cyber security and Internet safety are organized by CyberSecurity Malaysia together with the smart partners who also embrace cyber security and Internet safety agenda in Malaysia.
SID – The Malaysian Chapter
The purpose of organizing SID in Malaysia:
• To promote and enhance the awareness of Internet users, particularly children and young people, about the importance of cyber security.
• To provide exposure to children and teenagers about the procedures and methods of using the Internet in a positive and safe manner.
• To build a culture of using Internet and technology wisely and ethically.
• To raise awareness about the importance of cyber security.
SID 2015 – Activities
[Diagram: SID 2015 activities (Launching Ceremony, Seminar, Workshop, Media Publicity) and their target groups (VIPs, Partners, Youth Group, Media, School children, Parents, Community)]
SID 2015 – The BIG Ideas
• To celebrate SID 2015 regionally with CyberSecurity Malaysia counterparts in the selected ASEAN countries, such as:
Not yet confirmed but verbally agreed
Confirmed
Not yet confirmed
SID 2015 – The BIG Ideas
• During the launching ceremony, there will be a live cross over session (using Internet application such as Skype) between Kuala Lumpur and the participating countries, namely Brunei, Indonesia, Singapore and other ASEAN countries.
• The Prime Minister will have a conversation with the participating country’s guest of honour (suggest to also have Minister level)
SID 2015 – Proposed Agenda
TIME | EVENT FLOW
2:00 pm | Registration of Participants, Members of the Media & Invited Guests
2:15 pm | Arrival of the Minister of Science, Technology and Innovation Malaysia
2:30 pm | Welcome remarks by Emcee (Master of Ceremony)
2:35 pm | National Anthem of Malaysia; “Doa” Recital
2:40 pm | Welcoming Speech by Minister of Science, Technology and Innovation
2:50 pm | Speech by the Prime Minister
3:00 pm | Launching Gimmick
3:20 pm | Live Cross Over to Brunei, Indonesia, Singapore and other ASEAN countries
3:45 pm | Certificate Presentation to SID 2015 Seminar and Workshop Participants
SID 2015 – Proposed Activities
No. | Activities | Partners | No of People/Organization Impacted | Proposed Date
1. | Awareness Talk - Seminar with Youth Group | Jabatan Belia Malaysia | 300 – 400 Youth |
2. | Awareness Talks and various interactive activities with the school children | Jabatan Pelajaran Daerah Putrajaya | 200 – 300 Students |
3. | CyberSAFE Media Workshop: ½ day class on ADAB and information search using Google | i. Kumpulan Media Prima; ii. ASTRO; iii. Capital TV; iv. The Star Publications; v. Kumpulan Utusan | Targeted group: 40 – 100 people |
SID 2015 – Media Publicity
Activities | Media | Proposed Date
Radio Interview | i. BERNAMA Radio 24; ii. IKIM FM; iii. Nasional FM; iv. Traxx FM |
TV Interview | i. Selamat Pagi Malaysia – RTM 1; ii. Nasi Lemak Kopi O – TV9; iii. BERNAMA TV |
Newspaper Interview | i. Utusan Malaysia; ii. Harian Metro; iii. Berita Harian; iv. The STAR; v. New Straits Times |
SID 2015 – Proposed Partners
• Regional
• Local