2019 MCMC Research Symposium Cyber Security vs. Cyber Resilience ~Knowing the difference and relevance in strengthening the Digital Ecosystem 21 November 2019
The Global Trend The Technologies Today … The Emerging Technologies … The Near Future Technologies … Protecting the Cyber Environment is the key to the “TRUST” Digital National Economy Security & Sovereignty 2
TOP 5 EMERGING TECHNOLOGIES INTERNET OF ARTIFICIAL VIRTUAL REALITY SERVERLESS 5G MOBILE THINGS (IOT) INTELLIGENCE (VR)/AUGMENTED COMPUTING/CLOUD REALITY (AR) COMPUTING Technologies that will drive the IR4.0, Smart City, Digital Economy & etc … 3
THREAT ACTORS Cyber threat is inherently international and cyber threat actors affect areas throughout the world at the same time to increase their success rates 4
CYBER SECURITY THREAT LANDSCAPE Cyber Attack Breached of Cybercrime Technology Hacktivism Harmful Terrorist use on Critical Sensitive Vulnerabilities Internet of Internet Infrastructure Information (Dependencies) Content Socially or Influencing Information Too Dependent Pornography Power Online Fraud Ideology on Technologies Politically Stolen- Unaware Supply Grid Child and Companies Motivated Fund Internet Abused Phishing – Unauthorized Information Raising Infrastructure Materials Revenge Access to Stolen - Critical Banking Exposed Online Recruiting Intrusion Information & System Gambling Attention Information System Operation Airlines Stolen – Cyber Planning Services Criminal Bullying Activities IMPACT Privacy Government to Function National Security National Image Sovereignty Economy Public Safety 5
Cyber Security vs. Cyber Resilience The ability to anticipate, preservation of withstand, recover from, confidentiality, and adapt to adverse integrity and conditions, stresses, availability of attacks, or compromises on information in the systems that use or are Cyberspace enabled by cyber // ISO 27032 – Guidelines resources. for Cybersecurity //Draft NIST Special Publication 800-160 Vol 2 – Developing Cyber Resilient System CYBER RISKS 6
National lead agency for cyber security , with the objectives of securing and strengthening Malaysia's resilience in facing the threats of cyber attacks, by coordinating and consolidating the nation's best experts and resources in the field of cyber Officially established in security. February 2017 Protection of Critical National Information Infrastructure Coordination Strategy in Managing Cyber Crime Policy/Strategy RESOURCES Cyber Security Technology Formulation Monitor & Capacity & Capability Building Improve Coordination Education & Awareness 7
WHEN AND HOW DID WE START? Malaysia started early in Cyber Security initiatives since 1997 to support the implementation of the Multimedia Super Corridor (MSC) in creating the best environment for Malaysia to harness the full potential of ICT and become the big user of ICT. Communications United Nations and Multimedia Act Group of • NCCMP 1998 Governmental • 1 st X-Maya International Experts Cyber Drill Internet (UNGGE) • Started NCSP Gateway Implementation NACSA • National Security under MKN Council created Cyber & Space Cybersecurity National Cyber • Computer Security Division Governance Coordination and Crimes Act • National Cyber Command 1997 Security Policy Centre (NC4) • Digital WHY DO WE (NCSP) Signature NEED TO JPDP Act 1997 ESTABLISH MKN’s Arahan 24 NACSA Under MIMOS launched Under MIMOS 1992 1997 1998 1999 2001 2004 2006 2007 2008 2010 2011 2013 2016 2017 8
NATIONAL CYBER SECURITY ECO-SYSTEM NACSA, MKN Legal, Technical & Economy Support Government Digital Initiatives Provide Engagement Platforms Policy Information Sharing Governance Public- Private Partnerships Resource Utilization Coordination Industry involvement Protection of SMEs and Businesses SECTOR LEAD Critical National Information Infrastructure Protection AGC, PDRM, MCMC, BNM, SC, Cybercrime KPDNHEP, MOH CSM MCMC, PDRM, BNM, SC, MOE,NGOs, Awareness & Education Private Sectors, Industries CSM PDRM, ILKAP, INTAN, MDEC, MCMC, CSM, Capacity Building UNIVERSITIES & POLYTECHNICS KKMM, MCMC, MINDEF, KDN, KLN International Cooperation ATM, PDRM, RD National Security & Sovereignty 9
MALAYSIAN CYBER SECURITY STRATEGY 5 STRATEGIC PILLARS 35 Action Plans 112 Programmes 5 Pillars 12 Strategies Clear role of Key Agencies S1 Enhance National Cyber Security Cyber Security in National Agenda Governance and Ecosystem S11 Strengthening International S2 Improve Organisation Collaboration and Management and Business P1 P1 Cooperation in Cyber Security Operation (Government, CNII Affairs Effective Governance and Business) and Management P5 P5 S12 Demonstrating Malaysia's S3 Strengthen Cyber Security Commitment in Promoting Incident Management and Active Strengthening Global P2 P2 Secure, Stable and Peaceful Collaboration Cyber Defense Cyberspace to Uphold Strengthening International Security The Five Legislative S4 Enhance Malaysia’s Cyber Laws Framework Strategic Pillars to Address Current and P4 P4 and Enforcement Emerging Threats S8 Enhance National Cyber Developing Security Capacity and Capabilty S5 Enhance the Capacity and Capacity & P3 P3 Building Capability Capability of Cyber Crime Building, Enforcement S9 Enhance Cyber Security Catalysing World Class Awareness and Innovative, Technology, Education Awareness R&D and Industry S6 Spur National Cyber Security S10 Nourish Cyber Security R&D Programme Knowledge Through Education S7 Promote a Competitive Local Industry and Technology 10
MALAYSIA CYBER SECURTIY STRATEGY Effective Governance & Management - Protection of Critical 3-S National - Cyber Risk Framework Infrastructure through - Effective Coordination Sectoral Active Cyber Defence - Information Sharing - Strengthen Incident Organisation - Clear Roles & Responsibilities Management - Supply Chain Security 1 - Technology Security Threat Visibility Integrated SOC - Small & Medium Enterprises Operation Early Warning - Industries - Policy, Regulations, NATIONAL Detect Predict Prevent Deter Respond CYBER WORKFORCE Guideline, Compliance Developing Catalysing World Strengthening 2-S 2-S 3-S Strengthening 2-S Capacity & Class Innovative, Global Legislative Capability Building, Technology, R&D Collaboration Framework & 3 4 5 2 Awareness and and Industry Enforcement Education - Address cyber security - Study & review existing - R&D Roadmap - National Cyber Security as a priority in foreign - National Cyber Security law Capacity & capability policy - Study & enact new Challenge Repository Building Plan - Align domestic and - Venture Capital to specific law international cyber market new local Cyber - Enhance the capacity & - National Cyber Security security efforts capability of Cybercrime security solutions Awareness Master Plan - Actively participate & - Incentives /showcases Enforcement contribute in key - National Cybercrime - Promote local products - Nourish Cyber Security international fora and - Cyber Certification Enforcement Plan Knowledge through strategically collaborate Body - National Cybercrime Education with international Coordination Centre - Centre of Excellence partners
THANK YOU
Recommend
More recommend
