Dr Amirudin Abdul Wahab,
CyberSecurity Malaysia’s CEO
Whereas, the CMA deals with regulation of the
communications and multimedia industry, namely
fraudulent use of network facilities plus offensive
content on the Internet. However, there are also non
cyber specific laws that may be used to address
online activities whenever applicable namely:
Sedition Act 1948
●●
Penal Code
●●
Defamation Act 1957
●●
Copyright Act 1987
●●
Evidence Act 114A
●●
In terms of policy, the Government has
crafted the NCSP to ensure that the country’s ten
Critical National Information Infrastructure (CNII)
– health, water, banking and finance, information
and communications, energy, transport, defence
and security, Government, food and agriculture and
emergency services – is secure, resilient and self
reliant in mitigating cyber threats and attacks.
Playing a technical support role is Government
agency, CyberSecurity Malaysia. The Board of
Engineers Malaysia spoke to CyberSecurity
Malaysia’s Chief Executive Officer, Dr Amirudin
Abdul Wahab on the role of the agency and various
issues in cyber security.
Dr Amirudin explains that CyberSecurity
Malaysia is structured to mitigate cyber threats but
it is not a law enforcement agency. He describes it
as the “IT Security Department for the country” that
provides technical assistance to law enforcement
agencies to analyse and investigate cyber incidents.
Such incidents include cyber harassment, denial of
service, fraud, intrusion, malicious computer codes
and spam that are reported to Cyber999 centre
(via web, email, sms, phone, fax) manned by the
Malaysia Computer Emergency Response Team
(MyCERT), a department within CyberSecurity
Malaysia. In 2013, 10,636 cases were reported
(see table), an increase of 6.51% over 2012.
Dr Amirudin acknowledges that the rise
in cyber crimes is a worldwide trend. He quotes
McAfee Labs which predicts 2014 to be a
vulnerable year as more businesses move their
operations into the ‘cloud’ and adopt the trend of
Bring Your Own Device (BYOD). Cyber crimes are
expected to intensify in the mobile channel through
socially engineered attacks and mobile apps.
Dr Amirudin adds that cyber attacks can easily
spread across borders. A case in point was the
three-day cyber war between Malaysian and Filipino
hackers, triggered by the Lahad Datu incident
last year. Malaysian hackers allegedly attacked
Filipino Government and private websites. Filipino
hackers responded in kind, and up to 44 websites
belonging to both countries were defaced before a
“ceasefire” was called.
Although “behind the scenes”, support
services provided by CyberSecurity Malaysia to
the Law Enforcement Agencies has helped the law
enforcement agencies in their investigation and
solved many cases of cyber crime and curtailed
financial damage.
Just like crime scene investigation (CSI)
in the real world of crime, there is CyberCSI
in the cyber world. CyberSecurity Malaysia
utilises its Digital Forensic Lab, manned by
technical experts, to investigate crime in
the virtual world. Digital forensics involves
detection, containment, analysis, eradication
and recovery. High standards are followed in this
process. Dr Amirudin notes that CyberSecurity
Malaysia’s digital forensic laboratory is the
first forensic laboratory in Malaysia and the
11