|IS CYBERSECURITY MALAYSIA AN ENFORCEMENT AGENCY?|
We are not a law enforcement agency. We do not knock down the doors of cyber criminals to seize computers. Enforcement can only be carried out by law enforcement agencies, such as the police. However, we provide support to enforcement agencies and victims, in ensuring that justice will prevail regardless of the "space" where a particular crime is conducted.
We assist in cyber forensics and analysis - such as analysing evidence and providing expert witnesses for relevant cases. In order for enforcement agencies to fulfill their roles, they require processes, role players, technical support and specialist centres to aid in analysing and solving technical problems to help the judicial process.
|WHAT WE MEAN BY CREATING A CULTURE OF CYBER SECURITY|
CyberSecurity Malaysia aims to "create a culture of info-security" among Malaysians. Please explain?
Most people go into the information infrastructure and concentrate on the ease of use.
Very few look at it from a safety and security perspective. For example, if we subscribe to Internet banking, we should learn about the risk factors. In social networking sites like Friendster and Facebook, we must be aware of the risk in dealing with people on these sites. We should never blindly trust people and we must be critical about what we read and see.
We aim to build a culture of security through awareness programmes and best practices among children, teenagers, parents and organisations. We have organised and created many activities to improve the level of awareness in information security. Please visit our website www.cybersecurity.my
for more information on this, or visit the independent awareness website that we run www.cybersafe.my
to download contents/resources that we have developed and to obtain safety tips for a secure venture into the cyber space.
|WHAT ABOUT CYBER LAWS|
To address the rapid increase in cyber-related crimes, the government understands that cyber laws need to be, if necessary updated to meet the current challenges.
What areas are we lacking in?
It will be in the number of cyber security professional. As of August 2019, we have 9,929 professional and we need to increase the number.Universities have already responded and are offering courses. But still, the demand is huge. We need to educate the public and create awareness on cyber security. There is no dedicated agency doing that right now. We have done some bits like creating content and interacting with schools through pilot projects.
|WHAT ABOUT CYBER CRIME|
What makes a crime a cyber crime?
There is no comprehensive definition of cyber crime. There were some attempts but no conclusive definition was agreeable. Cyber crime comes under three categories.
The first is when information and communications technology (ICT) systems and intellectual property become targets of exploitation, intrusion, identity and information theft.
The second is when ICT devices are used as means to commit crimes. For example, computers at home are used to run malicious programs to intrude other computers to steal money, identity and passwords.
The third category is where the ICT devices are used as mediums of committing crimes. For example, sedition, disharmony or unrest, slandering and instigating at higher scale come under this category. Some people say these cases must be prosecuted under cyber laws. But there are already laws that can be used to handle these cases. For example, for sedition and slander, one can be charged under the Penal Code.
How successful is CyberSecurity Malaysia in combating cyber crimes?
There are no agreed indicators to measure this success. It is hard to say how successful we are. But we have achieved some breakthroughs in many incidents. Our role in combating cyber crime involves providing specialised and in-depth tech support on how to tackle threats. For example, when there is a dedicated attack by botnet to propagate malware which is very dangerous, we quickly analyse it to look for an antidote. If there is none, then we create one to release to our partners, so Malaysians can be protected from these vulnerabilities online.
So the base has expanded and, correspondingly, complaints have also increased.
Are the cyber crime numbers escalating with the economic downturn?
Most cyber crimes are financially motivated. The impact of the economic downturn and financial crisis could potentially lead to the increase in cyber crime cases globally. With people becoming jobless and unemployed, it can lead to the boom in spam, especially those related to false job offers.
Are we lacking or, perhaps, not doing it right in combating cyber crimes?
The government has acted wisely and is far-sighted as far as cyber security issues are concerned. It has created institutions like CyberSecurity Malaysia to help us face the challenges.
There is also the National Cyber Security Policy which aims to reduce the vulnerability of ICT systems and networks. It tries to instill a culture of cyber security among Internet users and strengthen Malaysian self-reliance in terms of technology and human resources. Not many countries have such a policy or enacted laws like the Computer Crime Act 1997 and the Communication and Multimedia Act 1998.
The fundamentals have been put in place. I believe the security and safety in Malaysian cyberspace is much better than in some developed countries. For example, if a malicious virus arrives in Malaysian space, we can stop it within 24 hours. We do this by working with banks, MCMC, ISPs and the police. If you talk about a 100m sprint, we are the fastest. Our cyberspace is well governed.
|WHAT IS CYBER WAR OR CYBER TERRORISM|
There is nothing new about this term except for the "cyber" prefix. War and terrorism are "traditional" concepts that occur in the physical domain. The new domain is the "cyber" prefix.
Cyber war is warfare in cyberspace. This includes warfare attacks against a nation's state and forcing critical communications channels and information systems infrastructure and assets to fail or destroy. This may also include warfare against foreign websites which cause the websites down and not accessible.
On the other hand, cyber terrorism is the use of cyberspace to commit terrorist acts. The simple definition of cyber terrorism is the use of information technology and its means by terrorist groups and agents to cause fear and/or physical harm to the people. The perpetrator use information systems or other electronic means to launch the cyber attack against critical information infrastructures such as financial, energy, transportation and government operations. An example might be hacking into a computer system with the objective to cripple the electrical distribution grid by shutting down the control systems; to disrupt the national telecommunications network services; to sabotage the airport traffic control systems; to destroy bank information on a massive scale, therefore crippling the financial sector; and to gain access to the dam control systems, and cause massive floods.