CYBER SECURITY - Quick Overview - Nik Zafri

I had a chance to read the newly passed Cybersecurity Bill 2024 on March 27, 2024, after its first reading on March 25, 2024. Among the key provisions are formation of NCSC (National Cyber Security Committee), duties, authorities and responsibilities of Chief Executive of the NCSA (National Cyber Security Agency), critical information infra, handling security breaches etc. This act stands as a great support to other Malaysian Cyber Laws such as Computer Crimes Act 1997, Digital Signature Act 1997, Telemedicine Act 1997, Communications and Multimedia Act 1998, Electronic Commerce Act 2006, Electronic Government Activities Act 2007, Personal Data Protection Act 2010, Penal Code and Anti-Fake News (Repeal) Act 2020 Personal Data Protection Act 2010 etc.

I totally agree that cyber security services provider must hold the necessary licenses under the law. Despite this may not apply to providers of a company to its’ branches, I still think that the security providers despite internal, must have the necessary qualifications and licences. The company itself must practice a certain guideline or better be certified with ISO 27000 or its equivalent. (I find it interesting to know one of my clients, Petaling Jaya City Council (Majlis Perbandaran Petaling Jaya) has long been certified with (ISMS) ISO/IEC 27001 – perhaps this can serve as an example)

ISO/IEC 27001 is an international standard for information security management systems (ISMS), while ISO/IEC 27002 provides guidelines for implementing controls to address information security risks. These standards include requirements and recommendations for incident response planning, incident handling procedures, and coordination mechanisms to ensure a systematic and coordinated approach to managing cybersecurity incidents.

The bill should also be clear or have appendices on legal frameworks, regulations, and guidelines to enhance cybersecurity measures within Malaysia. Despite Personal Data Protection Act 2010 is in force, there are still concerns on Data Protection, Security and Privacy including clear guidelines for data collection, storage, and processing, as well as requirements and reporting for data breach notifications.

There is also a dire need to safeguard critical infrastructure sectors such as energy, transportation, healthcare (to be covered more in Telemedicine Act 1997) and the financial sectors from cyber threats, including mandatory security standards and incident reporting requirements. With reports of sophisticated breaches, hackers and scammers on the rise, we need a more robust cybersecurity measures TAILORED to the unique needs and challenges of each sector. We can’t depend on one system and think everything will be OK.

By adopting a collaborative and multi-stakeholder approach, investing in capacity building and training, leveraging advanced technologies and investigative techniques, and implementing strong legal frameworks and deterrent measures, stakeholders can enhance their ability to combat cybercrime effectively and protect individuals, businesses, and critical infrastructure from cyber threats.

Some systems, software, applications, and firewalls commonly used around the world to enhance cybersecurity in critical infrastructure such as (I know Malaysia do have most of the following but they were “scattered” rather than “integrated”) :

• ICS (Industrial Control System),
• SCADA (Supervisory Control and Data Acquisition) – which known to provide protection against cyber threats targeting operational technology (OT) environments,
• Firewalls like ICS designed to filter and monitor network traffic of IT and OT,
• IDPS and NIDS– Intrusion Detection and Prevention System and Network Intrusion Detection System – to monitor network traffic for suspicious activity or cyber threats,
• Host-based Intrusion Detection Systems (HIDS) to monitor activities on individual computers or devices for signs of unauthorized access or malware.
• Security Information and Event Management (SIEM) Systems - Collects and analyzes security event data from various sources within the infrastructure to detect and respond to cyber threats in real-time.
• Provides centralized logging, correlation, and reporting capabilities for incident response and compliance purposes.
• Next-Generation Firewalls (NGFW) incorporating traditional firewall features with advanced security capabilities such as intrusion prevention, application awareness, and deep packet inspection to protect against sophisticated cyber threats.
• Endpoint Security Solutions  - Antivirus/Anti-Malware Software: Protects endpoint devices (e.g., computers, servers, medical devices) from malware infections and other malicious software)
• Endpoint Detection and Response (EDR) - Monitors endpoint activities for signs of suspicious behaviour and provides advanced threat detection and response capabilities.
• Secure Remote Access Solutions - Provide secure remote access to critical infrastructure systems for authorized personnel while mitigating the risk of unauthorized access or cyber attacks.
• Implement multi-factor authentication (MFA) and encrypted VPN connections to protect remote access sessions.
• Security Patch Management Systems - Automate the deployment of security patches and updates to operating systems, software, and firmware to address known vulnerabilities and reduce the risk of exploitation by cyber threats.

Another critical issue is Security Training and Awareness Programs despite they are available (at a very high price unfortunately) but the training awareness should cover the points mentioned above. I recommend training providers to INTEGRATE the above modules in their training. Rather than, punishing the security providers, why not help them with grants and perhaps allocation of CPD points should be awarded to cyber security companies that are serious in assisting the nation in protecting the infrastructure.

(Perhaps the Malaysian National Cyber Security Agency could have a hand on this one?)

Educate employees and contractors about cybersecurity best practices, policies, and procedures to mitigate the risk of insider threats and human errors.

Incident Response and Disaster Recovery Plans (IRDRS)

I have witnessed good practices of IRDRS – unfortunately when it comes to implementation, I would rate it a little low due to time consuming recovery which caused inconveniences to the end users and customers.

IRDRS should be regularly be tested on incident response and disaster recovery plans to ensure a timely and effective response to cyber incidents and minimize the impact on critical infrastructure operations. I could be wrong but I RARELY hear any drills being done to ensure effectiveness of IRDRS in Malaysia.

Frameworks for incident response planning should take into account coordination among government agencies, businesses, and other stakeholders, as well as mechanisms for sharing threat intelligence and best practices. It should also involve establishing structured processes, guidelines, and communication channels to effectively detect, respond to, and mitigate cybersecurity incidents.

• Regulatory Requirements and Compliance Standards

All IRDRS should make reference to available cybersecurity standards and if none available, standards should be established for products, services, and organizations to ensure a baseline level of security and promote trust in digital technologies.

Regulatory requirements and industry-specific compliance standards should mandate the implementation of incident response frameworks and procedures.

Implementing these frameworks involves assessing organizational risks, procedures, conducting training and exercises, establishing communication channels and coordination mechanisms, and regularly reviewing and updating incident response capabilities will adapt to evolving cyber threats and operational requirements.

• Risk Management

IRDRS is to also provide a set of guidelines, standards, and best practices for improving cybersecurity risk management across critical infrastructure sectors.

It should include a structured approach to incident response, with key functions such as Identify, Protect, Detect, Respond, and Recover (IPDRR), to help organizations prepare for, respond to, and recover from cyber incidents

The security should also include third-party vendors and suppliers that have access to critical infrastructure systems or sensitive data to mitigate supply chain risks. There is a need to implement a multi-layered cybersecurity approach that combines technical solutions, security best practices, and risk management strategies is essential to safeguard critical infrastructure sectors from cyber breaches and ensure the resilience of essential services and operations.

• Computer Security Incident Response Team (CSIRT)

CSIRT frameworks, such as the CERT Resilience Management Model (CERT-RMM) and the FIRST (Forum of Incident Response and Security Teams) Framework for CSIRTs, provide guidance for establishing and operating computer security incident response teams.

They outline key capabilities, processes, and practices for incident detection, analysis, response, and coordination within organizations and across different stakeholders.

• Information Sharing and Analysis Centers (ISACs)

ISACs are industry-specific organizations that facilitate the sharing of cybersecurity threat intelligence, best practices, and incident information among members within a particular sector or critical infrastructure.

They often collaborate with government agencies, law enforcement, and other stakeholders to enhance situational awareness, threat detection, and incident response capabilities.

Cybercrime Prevention and Enforcement

To effectively combat cybercrime requires a multi-faceted approach involving collaboration between law enforcement agencies, government bodies, private sector entities, and international partners.

All the cyber laws need to be summarized into a guideline on how the authorities to take action,

• International Cooperation – this is extremely important where the influx of tourists, expatriates, legal foreign workers to Malaysia (which could be “person of interests” in another country) need a more effective screening system at point of entry (Immigration). Without international cooperation, the chances raise a “red-flag” or detect possible criminal background of visitors will not be effective. We need to establish mutual legal assistance agreements and extradition treaties to facilitate the investigation and prosecution of cybercriminals across jurisdictions.
• Public-Private Partnerships – Government agencies must work together with private sectors, academia and civil society to hare threat intelligence, best practices, and resources in combating cybercrime. Formal partnerships and information-sharing mechanisms will enhance cyber threat detection, incident response, and mitigation efforts.
• Cyber Forensics and Digital Evidence Handling – Things are getting more sophisticated nowadays. Perhaps more investment and attention is required. Procedures established must also ensure admissibility and integrity of digital evidence in court proceedings. Training is required on this subject matter.

Proactive Cybercrime Investigations

Employ proactive investigative techniques, such as undercover operations, infiltration of criminal networks, and the use of advanced cyber tools, to identify and disrupt cybercriminal activities.

Monitor online forums, dark web marketplaces, and social media platforms to gather intelligence on cyber threats and criminal activities.

Victim Support and Cybersecurity Awareness

Provide support services for cybercrime victims, including assistance with incident response, recovery, and mitigation efforts.

Raise awareness among individuals, businesses, and organizations about cybersecurity best practices, common cyber threats, and available resources for reporting and responding to cybercrime incidents.

Capacity Building and Education - Initiatives to enhance cybersecurity awareness, education, and training for individuals, businesses, and government entities to improve their ability to identify and mitigate cyber threats.

International Cooperation

By taking the following steps and actively engaging with other countries and international organizations, stakeholders can contribute to building a more secure and resilient cyberspace through collaborative efforts and shared responsibility for addressing global cybersecurity challenges.

• Collaboration with other countries and international organizations to address global cybersecurity challenges, including information sharing, joint exercises, and diplomatic efforts to establish norms of responsible behaviour in cyberspace.
• Beginning international collaboration to address global cybersecurity challenges involves building relationships, establishing communication channels, and fostering trust among countries and international organizations. Here are some steps to initiate and facilitate international collaboration in cybersecurity:
• Initiate diplomatic dialogues and engagements with other countries and international organizations to raise awareness of cybersecurity challenges and the importance of international cooperation.
• Advocate for the establishment of norms, principles, and agreements to promote responsible behavior in cyberspace, including respect for sovereignty, non-interference, and cooperation in addressing cyber threats.
• Engage in multilateral forums, such as the United Nations (UN), the Group of Seven (G7), the Group of Twenty (G20), and regional organizations, to discuss cybersecurity issues, share best practices, and coordinate collaborative efforts.
• Support initiatives such as the UN Group of Governmental Experts (GGE) on Developments in the Field of Information and Telecommunications in the Context of International Security, which facilitates discussions on norms and confidence-building measures in cyberspace.
• Foster bilateral partnerships and cooperation agreements with other countries to exchange cybersecurity threat intelligence, share best practices, and collaborate on joint cybersecurity initiatives.
• Establish formal mechanisms, such as memoranda of understanding (MoUs) or bilateral cybersecurity dialogues, to facilitate information sharing, capacity building, and joint exercises.
• Join international information sharing platforms and cybersecurity alliances, such as the Cyber Threat Alliance (CTA), the Forum of Incident Response and Security Teams (FIRST), and regional Information Sharing and Analysis Centers (ISACs), to exchange threat intelligence and coordinate incident response efforts.
• Contribute to and benefit from collaborative efforts to improve global cybersecurity resilience and response capabilities.
• Organize joint cybersecurity exercises, workshops, and capacity building programs with partner countries and international organizations to enhance readiness, response capabilities, and coordination in addressing cyber threats.
• Share expertise, resources, and training opportunities to strengthen cybersecurity capacity and build trust among participating stakeholders.
• Provide technical assistance, capacity building support, and cybersecurity expertise to developing countries and regions to strengthen their cybersecurity capabilities and resilience.
• Collaborate with international organizations, such as the International Telecommunication Union (ITU), the World Bank, and the Organization for Security and Co-operation in Europe (OSCE), to deliver targeted cybersecurity assistance and promote international cooperation.
• Promote transparency and confidence-building measures, such as the exchange of cybersecurity policy documents, incident reporting mechanisms, and cybersecurity strategy reviews, to enhance mutual trust and understanding among countries.
• Support efforts to increase transparency in cyberspace, including the attribution of cyber incidents and the disclosure of vulnerabilities, to promote accountability and deter malicious activities.

Sample System and Software

Ensuring data privacy and protection involves a combination of technical solutions, best practices, and organizational policies. Here are some tools, software, and systems commonly used to enhance data privacy and protection:

Encryption Software

• Full Disk Encryption (FDE): Encrypts entire hard drives or storage devices to protect data at rest.
• File/Folder Encryption: Encrypts individual files or folders to protect specific data.
• Transport Layer Security (TLS) - Encrypts data transmitted over networks, commonly used for securing internet communications.

Access Control Systems

• Identity and Access Management (IAM) Systems - Manages user access rights and permissions to ensure only authorized individuals can access sensitive data.
• Multi-Factor Authentication (MFA) - Requires users to provide multiple forms of identification before granting access, adding an extra layer of security.
• Role-Based Access Control (RBAC) - Assigns access rights based on users' roles and responsibilities within an organization.

Data Loss Prevention (DLP) Solutions

• Content Filtering - Monitors and filters data transfers to prevent unauthorized transmission of sensitive information outside the organization.
• Data Classification - Automatically identifies and classifies sensitive data to apply appropriate security controls and policies.