Malaysia Calls for ASEAN 'Master Plan' to Fight Cyber Attacks
Defense News (3 June 2012)

SINGAPORE-Malaysia's defense minister called for the development of a "master plan" of security connectivity for members of the Association of Southeast Asian Nations (ASEAN) during a speech June 3 at the 11th Shangri-La Dialogue Asia Security Summit being held in Singapore.

The increase in sophistication and range of cyber attacks warrants a more comprehensive, holistic and sustainable form of defense, said Ahmad Zahid Hamidi during the fourth plenary session on new forms of warfare.

Policy direction in Malaysia for cybersecurity is provided by the National Cyber Crisis Management Committee, under the National Security Council. Cyber cases are monitored by Cybersecurity Malaysia of the Ministry of Science, Technology and Innovation. Under Cybersecurity Malaysia, the Malaysian Computer Emergency and Incident Response Team (MYCERT) is responsible to provide emergency and incident response.

Hamidi said that despite these efforts, continued labor must be made to further reinforce cyber defense in Malaysia and amongst ASEAN members.

The minister said there are three dynamics the response should consider: first, a fundamental dynamic of computer security is that the defender must always succeed in protecting their systems; second, the attacker has the advantage with the increasing growth of computer networks and connectivity; and the third dynamic affords benefit to the attacker would be the availability of the same technology used by the defender.

Malaysian websites were attacked by "anonymous" in June 2010, though with minimal impact. From January to March, MYCERT handled 3,140 cases, a decrease of 4.3 percent from the previous quarter. However, the same period also saw 1,491 cases of system fraud that marked a 17.12 percent increase in phishing activities, cheating and identity theft, he said.

"Though not triggering any critical impact, it reflects that our systems are vulnerable to attacks and if we fail to develop in tandem with the threats, I dare say that the attacks will become more malicious, devastating with far reaching impact on national security," Hamidi said, adding that a major cyber attack on the network linking ASEAN members would have "grave implications leading towards destabilization."

The development of defense systems in different ASEAN military forces could be rendered useless by a cyber attack causing "strategic paralysis," he said, adding that the creation of strategic alliances to counter cyber threats "would be the right direction toward ensuring the integrity of the network and continued flow of information critical in ensuring stability."

However, Nick Harvey, the U.K. Minister of State for the Armed Forces, was more cautious about creating cyber defense alliances. During the same plenary session, Harvey said it was "tempting to talk in terms of a treaty regulating state actions in cyberspace-I think this is premature and potentially counterproductive-and we should aim in the first instance to adapt our existing well-established international legal principles to cyberspace."

There is a lack of consensus or a common language for a cyber treaty and there is no clarity on principles that might form the basis of a treaty, he said.

"However, I do see merit in developing norms of behavior which are flexible enough to adapt to the changing nature of cyberspace, as well as opening up channels between states to avoid misunderstandings, such collective efforts, and provide increased confidence and security."

The annual dialogue is sponsored by the London-based International Institute for Strategic Studies and is held at the Shangri-La Hotel in Singapore.