Having trouble viewing this email? View it in your browser.

csm-ace 2012

CyberSecurity Malaysia –“CyberNEWS”

Bahasa | English

Issue 4 | Quarter 4 - 2013

Operation Spyglass (KL Gangster 2)
  Operation Spyglass (KL Gangster 2) was held on 7 and 8 November 2013. It is one of the support services provided by CyberSecurity Malaysia to the Law Enforcement Agencies in the form of digital forensic examination.

Identifying individuals who involve in the illegal downloading of local films in local social media is one of the support services offered by CyberSecurity Malaysia’s digital forensic experts to investigation officers during raids and digital forensic inspections on exhibits involved in the investigation.

Assistance provided by CyberSecurity Malaysia has helped the law enforcement agencies in their investigations when it involves digital forensic at crime scenes and during raids.
Regional Asia Information Security Exchange - RAISE Forum Meeting

RAISE Meeting is an annual event started since 2004. Members of RAISE including countries such as Singapore, Taiwan, Korea, Japan, China, Hong Kong and Malaysia.

The purpose of RAISE is to:

  1. Provide a platform to share information, exchange ideas and hold dialogues on information security;
  2. Discuss standards development activities;
  3. Ensure the unique needs of Asian region are taken into account during international standards development.
The meeting was jointly chaired by representatives from Singapore and Japan. Meeting was attended by 25 participants consists of 5 representatives from Singapore, 2 from Japan, 1 from Chinese Taipei, 2 from People’s Republic of China, 1 from Hong Kong. Japan and Republic of Korea joined in via web conference.

Apart from CyberSecurity Malaysia, other local participants were MIMOS Berhad, Malaysian Communications and Multimedia Commission (MCMC), Multimedia Development Corporation (MDeC) and Pos Malaysia Berhad (who is also standards development committee member).

A total of 8 papers were presented on the first day, 6 nation security information updates including Malaysia and 10 presentation sessions were carried out on the second day. CyberSecurity Malaysia presented 2 papers on Malaysian National Cyber Security – Risk Registration Project and Quality Management System.

The next RAISE meeting is expected to be held between June and August 2014. Only one annual meeting will be held from next year onwards and the next meeting is either in Hong Kong, Singapore or Thailand.

Cyber Security Malaysia - Award, Conference and Exhibition (CSM-ACE) 2013

Cyber Security Malaysia - Award, Conference and Exhibition or CSM-ACE 2013 was held from 13 to 14 November 2013 at the Royale Chulan Hotel, Kuala Lumpur.  CSM-ACE is an annual event organised by CyberSecurity Malaysia since 2009. CSM-ACE 2013 is a joint public and private event organised with the following objectives:

  1. Catalyst to drive innovation and cyber security industry growth;
  2. Instill cyber security culture at national level;
  3. Gather industry experts and community to discuss and share knowledge on latest trend in cyber security;
  4. Recognise the contribution of individuals and organisations in the field of cyber security, highlight trade and investment opportunities and assist participants to promote their product and services;
  5. Instill culture of cyber security awareness among consumers; with education and support to strengthen Malaysia’s self reliance on technology and human resource.

Among the programs that took place during CSM-ACE 2013 are:

  1. Cyber Security Conference
  2. The official opening ceremony was graced by YB Datuk Dr. Abu Bakar Mohamad Diah, Deputy Minister of Science, Technology and Innovation, Malaysia (MOSTI). About 500 participants from government, Critical National Information Infrastructure organisations (CNII), academicians as well as information security industry players participated in CSM- ACE 2013.

  3. Malaysia Cyber Security Awards 2013
  4. 7 categories of awards were presented by YB Datuk Dr. Abu Bakar Mohamad Diah, Deputy Minister of Science, Technology and Innovation, Malaysia (MOSTI) during the Cyber Security Awards Night 2013. The award categories are as below:

    1. Cyber Security Professional of the year
    2. Cyber Security Company of the year
    3. Cyber Security Organisation of the year
    4. Cyber Security Outreach Provider of the year
    5. Cyber Security Education and Training Provider of the year
    6. Cyber Security Project of the year
    7. CyberSAFE Ambassador of the year

  5. IT Security Exhbition
  6. About 35 organisations took part in the exhibition during CSM-ACE by exhibiting their qualified ICT products and current technologies. Among the organisations  that took part were BAE Systems, Deloitte, TrendMicro , Fortinet , AIG Insurans and ISC8. 

  7. Digital Forensic First Responder Training
  8. This is a training session organised by National Security Council (MKN) and supported by CyberSecurity Malaysia to provide awareness and exposure in the field of digital forensics, cases, terminologies, methodologies and first responder standard operating procedures. About 100 participants from CNII agencies attended the training in line with the requirements of PEMANDU and Application Form A. MKN 24.

  9. CyberSAFE Ambassador Guidelines Program
  10. A cooperation network was established between CyberSecurity Malaysia and Girl Guides Association of Malaysia to expose Girl Guide members on cyber security and the safe use of Internet. About 100 participants took part in the CyberSAFE Ambassador Guideline Program which were trained by CyberSecurity Malaysia.

  11. CyberSAFE in School Powered by DiGi
  12. This is a smart partnership program between the Ministry of Education Malaysia, CyberSecurity Malaysia, Childline Malaysia and DiGi Telecommunications to support cyber security messages and provide safe as well as family friendly Internet experience. More than 200 participants from DiGi CyberSAFE Program in Schools have been involved to train and educate Guru Penyelerasan Bistari (GPB).

  13. National ICT Security Debate: CyberSAFE Challenge Trophy
  14. This is the first cyber security debate that received support from the Ministry of Education Malaysia and Ministry of Science, Technology and Innovation Malaysia. More than 500 students participated in the debate that was held throughout Malaysia including Sabah and Sarawak.

    The final debate competition was held on the 14 November 2013 at The Royale Chulan Hotel, Kuala Lumpur during  CSM-ACE.

    Sekolah Tinggi Agama Persekutuan, Kajang emerged as the winners and won cash price of RM2,000 and trophy.

  15. Regional Asia Information Security Exchange (RAISE) Forum Meeting
  16. The 13th RAISE Forum meeting was held at The Royale Chulan Hotel, Kuala Lumpur on 11 and 12 November 2013. The meeting was organised by RAISE Secretariat and supported by CyberSecurity Malaysia. About 25 participants from Singapore, Japan, China Taipei, China, Hong Kong and South Korea attended the meeting.

  17. 2nd Asia CISO Conference
  18. The event was organised by MIS Training Institute, supported by CyberSecurity Malaysia and attracted about 60 delegates.

Diesel Abuse Raid Operation

Diesel Abuse Raid Operation was carried out on 12 – 14 November 2013. It is one of the support services provided to Law Enforcement Agencies in the form of digital forensic examination.

Identifying organisations and individuals allegedly involved in diesel abuse in the northern region of Peninsular Malaysia is one of the digital forensic assistance accorded to investigation officers during raids and digital forensic examinations on exhibits involved in the investigations.

Assistance provided by CyberSecurity Malaysia through digital forensic experts has helped the law enforcement agencies in their investigations when it involves digital forensic at crime scenes and during raids.

Organisation of Islamic Cooperation - Computer Emergency Response Team (OIC-CERT) 2013 Annual Conference and 5th Annual General Meeting

OIC-CERT is cooperation amongst the OIC countries in the field of cyber security. To date, members of OIC-CERT consist of 24 computer emergency response teams (CERT) or cyber security relevant agencies from 19 OIC countries, 3 commercial companies, one professional and one honorary member from the field of cyber security.

Since OIC-CERT’s official inception in 2009, the cooperation has successfully organised 4 annual conferences and annual general meetings. In 2013, 5th OIC-CERT Annual General Meeting was successfully organised in Bandung, Indonesia on 18 - 20 November 2013.

The conference themed “Cyber Security for Economic Growth” was held on 20 November 2013 and officiated by His Excellency Tifatul Sembiring, Minister of Communication and Information Technology Indonesia. The event was hosted by Indonesia Security Incident Response Team on Internet Infrastructure/Coordination Center (Id-SIRTII/CC) and co-organised by CyberSecurity Malaysia.

During the event, a hand over ceremony of the mandate as OIC-CERT Chairman was held where CyberSecurity Malaysia as the incumbent Chairman lead by General Tan Sri Dato’ Seri Panglima Mohd Azumi Mohamed (Retired) handed over the operating manual to Mr. Badar Ali Said Al-Salehi representing Oman as the Chairman of OIC-CERT.

During the conference 14 speakers from 9 countries presented their papers and shared ideas on handling cyber threat issues. The speakers were industry professionals and experts in the field of cyber security. Speakers were from the following countries:

  1. Singapore
  2. Nigeria
  3. Oman
  4. Indonesia
  5. United States of America
  6. Japan
  7. Malaysia
  8. Pakistan

Also attending this event were 152 participants from 12 countries as below:

No Country Num
1 Japan 2
2 Singapore 2
3 United States of America 4
4 Indonesia 101
5 Iran 4
6 Malaysia 20
7 Nigeria 6
8 Oman 2
9 Pakistan 5
10 Sudan 2
11 Brunei 3
12 Mesir 1
  Total 152

Following are the outcomes of the Organisation of Islamic Cooperation - Computer Emergency Response Team (OIC-CERT) Annual Conference and the 5th Annual General Meeting 2013:

1. Appointment of Oman as the Chairman of OIC-CERT and Driving Committee Members of OIC-CERT for the period of 2013 - 2015

  • 5th Annual General Meeting witnessed the selection of 5 new Driving Committee members for 2 years from 2013 - 2015.
  • 5 countries were selected as OIC-CERT Driving Committee Members:
    1. Oman
    2. Mesir
    3. Indonesia
    4. Tunisia
    5. United Arab Emirates
  • The meeting also agreed to select Oman as the Chairman of OIC-CERT for the period between 2013 - 2015 replacing Malaysia.

2. Appointment of Malaysia as OIC-CERT Permanent Secretariat

  • Malaysia, through CyberSecurity Malaysia has presented a proposal to establish the Permanent Secretariat at the 5th OIC-CERT Annual General Meeting which was held in Bandung Indonesia on 19 November 2013.
  • OIC-CERT members have unanimously agreed with the establishment of Permanent Secretariat to further enhance the operational capabilities of OIC-CERT. This is a global recognition for Malaysia which indirectly enhances Malaysia’s credibility and leadership in the field of cyber security.
  • The appointment is also a great opportunity for Malaysia to continue holding leadership and commitment in cyber security industry as well as leading the cyber security field among OIC countries.

3. Appointment of General Tan Sri Dato’ Seri Panglima Mohd Azumi Mohamed (Retired) as the Advisor to OIC-CERT Chairman

  • 5th Annual General Meeting has agreed to appoint General Tan Sri Dato’ Seri Panglima Mohd Azumi Mohamed (Retired), Chairman Board of Directors, CyberSecurity Malaysia as an Advisor to Oman, the new Chairman of OIC-CERT.
  • This appointment is recognition to Tan Sri Azumi’s contribution in the field of cyber security among the OIC countries.  
First Responder Training Program for Bank Negara Malaysia

First Responder Training for Bank Negara Malaysia was carried out to share digital forensic knowledge in terms of terminologies and specific knowledge for the participants.

This training enabled participants to understand digital forensic in terms of:

  1. Digital forensic and analysis investigation methods;
  2. Current digital technologies;
  3. How to obtain digital evidences from crime scenes;
  4. Type of data that can be extracted from digital media.

Training to Introduce New Edition of ISMS, ISO/IEC 27001:2013

On 19 - 21 November 2013, CyberSecurity Malaysia has carried out a training program to introduce the new edition of ISMS, ISO/IEC 27001:2013.

48 participants including the staff of CyberSecurity Malaysia and officers from various organisations such as SIRIM QAS International Sdn Bhd, Standard Malaysia Department, Bursa Malaysia Berhad, RHB Bank Berhad and Teknologi Tenaga Perlis Consortium attended this program.

Prof. Edward Humphreys, an information security and risk management expert with approximately 30 years of experience conducted the training program. 

The three days training program discussed various subjects such as:

  1. Difference between the requirements of new and old standards;
  2. Additional requirements; and
  3. Abolished requirements.
The program has also discussed the processes involved during transitional period. It was also highlighted that the transitional period ends as of 1 October 2015 as set by International Accreditation Forum.
National Cyber Crisis Exercise (X-MAYA 5)

National Cyber Crisis Exercise is an annual program being held since 2008. Famously known as X-MAYA, it is one of the training programs conducted under the National Cyber Security Policy, specifically under Thrust 7 - Cyber Security Emergency Readiness; which has National Security Council (MKN) as the Thrust Leader.

This year, 18 Sector Leads, 98 agencies across the 10 Critical National Information Infrastructure (CNII) took part in the exercise.

Main objectives of X-MAYA are to:

  1. Examine the effectiveness, identifying the gaps and improve Communication Procedures, Responses and Coordination of National Cyber Crisis Management;
  2. Increase the awareness among Sector Leads and Critical National Information Infrastructure (CNII) agencies/organisations on cyber attacks;
  3. Familiarize sector leads and CNII agencies/organisations on cyber incident handling mechanisms;
  4. Establish level of readiness and preparedness of CNII agencies/organisations in facing cyber attacks and examine effectiveness of internal incident handling procedures of relevant CNII agencies/organisations;
  5. Familiarize communication between  respective  sector leads and CNII agencies/organisations during cyber incidents. 

Summary of X-MAYA 5  Activities

  1. Briefing of the X-MAYA 5 final workshop were organised on 18 November 2013 at Prime Minister’s Department Auditorium. During this session, participants were given the ‘thumbkit’ which contained software, manual, images and artifacts required for the National Cyber Crisis Exercise.
  2. Exercise Controller (EXCON) Dry Run was held on 1 November 2013.
  3. National Cyber Coordination and Control Centre (NC4) Dry Run was held on 6 November 2013.
  4. Internet Relay Chat (IRC) Communications & Exercise Portal Check was held on 20 – 22 November 2013. This session allowed participants to try out NC4 portal and IRC channels together with the software to be used during the practical training session at CyberSecurity Malaysia.
  5. National Cyber Crisis Exercise was held on 25 November 2013. It started at 9.00am and ended at 5.30pm. The closing ceremony was officiated by YAB Tan Sri Dato’ Haji Muhyiddin bin Mohd. Yassin, Deputy Prime Minister of Malaysia on 26 November 2013 at Royale Bintang Hotel, Damansara. In attendance for the closing ceremony were invited speakers from Korea, foreign diplomats, Ministry and Department heads and representatives of participating agencies.
  6. Debrief session was held on 27 November 2013 at Dewan Taklimat, Bangunan Perdana Putra, Prime Minister’s Department. The session was to allow participants to share the technical experience and knowledge as well as obtained technical explanation from EXCON on practical training scenarios. Secretariat also shared the online feedback received after the practical training session. At the end of the workshop, participants shared valuable feedback to National Security Council and CyberSecurity Malaysia on procedure improvements and practical training implementation in future.
Discussion with Sandi Board (Cryptography) Republic of Indonesia, Sandi Indonesia High School and Sandi Museum, Republic of Indonesia. Visit to Sandi Museum, Yogyakarta, Indonesia

Malaysian Society of Cryptology Research (MSCR) in cooperation with CyberSecurity Malaysia aspires to establish international joint effort with National Sandi Board, Indonesia and National Sandi High School, Indonesia.

First discussion was held in National Sandi Museum Yogyakarta, Indonesia on 28th November 2013, attended by representatives from MSCR, CyberSecurity Malaysia, National Sandi Board, Indonesia, National Sandi High School, Indonesia and National Sandi Museum, Indonesia.

24 delegates involved in the discussion representing organisations as below:

  1. CyberSecurity Malaysia,  lead by Dr Solahuddin Shamsuddin
  2. Malaysian Society of Cryptography Research (MSCR) lead by  Prof. Dato Dr. Kamel Mohd Ariffin
  3. National Sandi Board, Indonesia, lead by Mr. R. Firman
  4. National Sandi High School, Indonesia lead by Mdm Pinuji P.
  5. National Sandi Museum, Indonesia lead by Mr. Anas Hilal

The purpose of the discussion was to create an opportunity to update information and learn on the latest development in the field of cryptology between Indonesia and Malaysia as well as to share information on cryptology related law and policy enforcements in Malaysia and Indonesia.

To explore potential joint efforts through research and cryptography development between the two countries and strengthen the cooperation between institutes of higher learning, government agencies and research associations in both countries.

Cyber Security Awareness Program – CyberSAFE in October 2013

Various activities under cyber security awareness program or CyberSAFE were carried out in the month of November 2013 to improve information security awareness levels among public and private organisations as well as the communities with special focus on school children and teenagers. These activities highlighted cyber security issues and best methods to handle and prevent from becoming victims of cyber threats.

Among the information security awareness programs that were carried out in the fourth quarter of 2013 include:

Date Program Venue
02 November 2013 National ICT Security Debate 2013 Zone Sabah Bahagian Teknologi Pendidikan Negeri Sabah
07 November 2013 Seminar Kesedaran Siber Jabatan Peguam Negara, Putrajaya
10 November 2013 National ICT Security Debate 2013 (Quarter & Semi Final) RTM Seremban
11 November 2013 Personal Online Safety Sekolah Menengah Kebangsaan Seri Intan, Fair Park, Ipoh, Perak
14 November 2013 CyberSAFE@
The Royale Chulan KL
20 November 2013 Seminar CyberSAFE Cabaran Dunia Internet di Alam Maya
Seminar on CyberSAFE Internet World Online Challenge
22 November 2013 Executive Talk: Program Kesedaran Siber/ Cyber Awareness Program Bahagian Teknologi Pendidikan Negeri Pahang
26 November 2013 Awareness on cybersafety Agrotek Garden Resort, Sungai Semungkis, Hulu Langat.
30 November 2013 PDRM Exhibition: Kempen Pencegahan Jenayah Komersil 2013 / Commercial Crime Prevention Campaign The Curve, Mutiara Damansara

The cyber security awareness programs are able to promote initiatives and services offered by CyberSecurity Malaysia such as Cyber999 and CyberSAFE portal. The program is also able to create awareness on the threats face by the Internet and computer users and the changes in our daily life in line with the advancement of communication technology.