MIMOS TO SET UP CENTRAL BODY TO ADDRESS ICT SECURITY ISSUES
1st January 2001
By MalaysianTech.Com

Mimos Bhd is in the process of setting up a National Information and Communications Technology Security Emergency Response Centre (NISER), which will serve as a central body to address Information and Communications Technology (ICT) security issues at the national level.

The centre, which is scheduled to become operational before end of the year, will look at such pressing issue at the shortage of ICT security personnel in the country as well as the need to mobilise and optimise the engagement of such personnel for ICT security.

Mimos chief operating officer Dr Mohamed Awang Lah said NISER will also be given the task of expediting and synergising standards and guidelines on ICT security-related issues from various bodies to reduce duplication of efforts.

The centre will be a good platform for helping to reduce the dependency of using foreign security-related technologies while increasing the understanding of such technologies.

"These are gaps that need to be overcome with the setting up of a central body such as NISER to coordinate these efforts," he was quoted as saying by Computimes.

Mohamed added that NISER's immediate function is to act in a "firefighting" mode to assist network administrators to respond to emergency situations.

"For this purpose, we will be incorporating the functions of Malaysian Computer Emergency Response Team (MyCert) into NISER. MyCert was the first step to the establishment of NISER, and the only component of NISER that is available to date."

MyCert is an independent organisation set up to help reduce the probability of successful network attacks and reduce the direct costs of security to organisations and lower the risk of consequential damage. It provides a point of references of expertise on network and security matters.

In the medium term, NISER will function as a security assurance body in an effort to assure the public that there is a national body that can handle all security threats and attack on individuals, organizations and the nation.

Towards this end, the centre will also create awareness on security issues as well as provide training and consultancy services.

In the long run, NISER will be used to co-ordinate, plan and priorities research and development (R&D) activities, act as a registration system for ICT security products and professionals providing consultancy services.

In addition, it will also encourage global participation at international forums and workshops in an effort to create a people network relationship to communicate with in times of emergencies.

According to Mohamed, Mimos has already identified an external person to head NISER, and the centre expects to have at least 12 personnel initially to run the various units within the establishment when it begins operation.

Within NISER, there will be two panels - the panel of experts and the consultative council. The panel of experts will initially comprise six local people to advise the centre on the technology perspective and will bring in foreign experts, virtually, if necessary.

"We will also be looking to tap on our network with similar organisations in other countries in assisting us in the dealing with threats, " Mohamed said.

The consultative council's role is to help in providing guidelines on how NISER should be run. It will comprise representatives from the Energy, Multimedia and Communications Ministry, The Education Ministry as well as national agencies such as Sirim, Mampu, police, armed forces and universities.

"This will be by invitation only we will be appointing about 12 representative for a start," said Mohamed.

He added that NISER, which requires an initial investment of about RM1 million, will initially be hosted at and run by Mimos until the centre is capable of being run independently.

"My estimate is that it will take about two years before NISER can be run independently," he said.

The centre will be equipped with personal computers and others related equipment needed to enable it to run efficiently as well as PC "forensic" tools for analysis of evidence related to abuse activities. Mohamed said although the proposed National Information Security Policy Framework is still being formulated, NISER has already been recognised as an important part of the framework.

The framework will also incorporated a national standard for information security systems implementation in the public and private sectors as proposed by the Working Group on National Information Security Policy.

Among others, the framework aims to raise awareness on risk and safeguards to risk, foster confidence in information systems and promote the development and use of innovative information communication systems within the country.

The framework will be based on the Information Security Model, whereby information access is protected by securing elements of integrity, confidentially and availability. These elements are to be supported by adequate authorization that is made available after authentication.