Framework against spam
26th April 2004 (Computimes)
By ROZANA SANI

THE National ICT Security and Emergency Response Centre (Niser) intends to propose a framework for a national policy on spam as a proactive measure to protect the country's infostructure against security breaches propagated by such incidents.

To be completed within the year, the proposal will essentially look into what needs to be put in place in terms of technology, education and awareness as well as rules, regulations or laws that could effectively control incidents of unsolicited and bulk electronic mail (e-mail) and keep them to a minimum.

Niser's senior instructor Philip Victor said a proper framework is needed to address an issue as serious as spam.

"There is no local legislation yet in place to deal with the problem which is getting more critical, especially when hackers are collaborating with spammers to further spread worms and viruses," he told Computimes last Thursday.

Victor said in working towards this, Niser is currently identifying problems and vulnerabilities in information and communications technology (ICT) security which are generated and related to spam.

"These include assessing spam incidents and sources of spam, gauging how concerned organisations are, and ascertaining the damage levels and costs in managing spam. In relation to that, we urge individuals and organisations to report all incidents. Everyone must be part of the battle and see the issue as important," he said.

Spam, in fact, forms the bulk of ICT security incidents reported to Niser for the first three months of this year. It constituted 640 reports out of the 856 received in January, 784 out of 857 in February, and 822 out of 902 in March.

Victor, who had earlier made a presentation at the Anti -Spam Asia 2004 seminar in Kuala Lumpur, also shared some findings from the Niser Spamming Issues Online Survey conducted by the centre in July last year, in collaboration with AC Nielsen.

Information from the survey conducted among 102 organisations from the Government, finance, retail, manufacturing, services and telecommunication sectors in the country will also be considered for the proposal for the national anti-spam policy framework Niser is working on.

Among the key findings is that 95 per cent of the organisations surveyed have received spam before, and 79 per cent agree that spam costs significant time and money.

However, only 27 per cent would take action such as removing themselves from the spammers' mailing lists, and only 48 per cent would report it to respective authorities. From the survey, 66 per cent viewed the spam issue in Malaysia as moderate or not serious.

Nevertheless, most organisations are concerned about the problem. Hence, the Government should enforce legislation to outlaw spam as 95 per cent of organisations said that whatever existing law that is addressing the issue is inadequate.

"Three in four suggested that the Government should be more involved in dealing with spam issues while a majority believed in identifying spammers. Two in five suggested that the Government should apply anti-spamming laws. More than half of the users felt that punishment such as termination of Internet access, fines and warnings should be imposed," Victor said.

But before looking at new policies or legislations, he said organisations must look inward first.

"Organisations must have their e-mail policy in place and ensure that it is effective. People need to be educated and made aware on the threats of spam."