Redefine Security Concept To Include Information Network - Najib
10th May 2004 (Bernama)

KUALA LUMPUR, May 10 (Bernama) -- Deputy Prime Minister Datuk Seri Najib Tun Razak said Monday that organisations need to redefine the concept of security from being just guardianship of physical assets and movement of people to fully integrate with the handling of information networks system.

He said that the increasing spamming, viruses and web defacement due to cyber hackers and technology perpetrators showed the vulnerability that exists in the information and networks system.

Given the widespread use of techonology in today's businesses and increasing reliance on the Internet that had brought great benefits, he said that it had also generated complexity to national security issues and ultimately, political and social stability.

He said that the new role of a chief security officer in today's knowledge-based economy should be to fully integrate the control of access by any individual to an organisation's premises, assets as well as its networks.

"Every organisation, whether public or private, should adopt this paradigm shift. The role of a chief security officer is no longer just to ensure security physically, the exist or entry or people but must also ensure the security of information network of the organisation to safeguard in terms of those accessing information and ensure that the company is protected from those intending to sabotage the company," he told reporters after opening a three-day 'Hacker Halted 2004' seminar and workshop here.

Najib said that the job descriptions of a chief security officer need to be redefined.

Every organisation, he said, be it private sector or government agencies, needs to equip relevant personnel with the latest knowledge, skills and tools to combat potential threats from hackers and their activities.

Organisations also need to be proactive in handling information security issues by understanding the minds and modus operandi and tools used by hackers, he said.

Najib, who is also Defence Minister, said that the new concept of security would help to prevent an information networks system from being attacked by viruses or hackers.

"Organisations have the capability to develop their web sites and portal as well as their information system but they are not very good in terms of the security system that they have developed," he said.

Najib said that the concept was still new among government departments and agencies and it was vital to upgrade the government's information networks system and database.

Earlier in his speech, the Deputy Prime Minister said that while it was appropriate and even inevitable for a developing economy like Malaysia to embrace the rapid advances in ICT, they need to be mindful of the dangers and challenges of the increasing interconnected world and heavily reliant on technology.

He cautioned that many of the nation's critical infrastructures -- telecommunications, banks, ports, airports, power plants, refineries, water systems and roads managed by private sectors - - could be potential targets for hackers and criminal elements.

He said that the National Information Communication Security and Emergency Response Centre (NISER) quarterly report last month showed that the number of defacements increased from 231 this year compared to six in the last quarter of last year.

There was an urgent need to develop an integrated, collaborative approach to information security threats, he said.

Najib suggested a permanent forum or platform to enable members of the information technology security fraternity in the private sector and government to share knowledge, skills and technologies to combat the electronic menace.

"For this forum or platform to be effective, the public and private sector must form a balanced partnership -- one that respects an individual organisation's right to privacy but at the same time, one that encourages a vital exchange of skills, knowledge and experience," he said.

Having a responsibility to ensure a robust legal framework and enforcement approach that protects the information networks in this country, Najib said, the government would table three more bills -- the Privacy Protection Act, Electronics Transaction Act and Electronic Government Activities Act -- in parliament.

"In addition, the government is examining the issue of spamming and we are currently studying existing legislation elsewhere. Once approved, these laws will provide greater protection to Internet users and facilitate the orderly growth of electronic commerce in Malaysia," he added.