Fahmi: Cyber Security Act could be tabled soon

There is currently no law that specifies industry players must ensure that their cyber security system is up to date 


THE Cyber Security Act will be brought to the Parliament either late this year or early next year, said Communications and Digital Minister Fahmi Fadzil. 

The urgency, he said, was due to the fact that there is currently no law that specifies industry players must ensure that their cyber security system is up to date. 

“There is no law which strictly stipulates that companies ensure their cyber security system is up to date, which is why we intend to bring the matter of the Cyber Security Act to the Parliament,” he told The Malaysian Reserve (TMR). 

He said the act will combine both Algoritma Kriptografi Sedia Ada (AKSA) and Cyber Security Malaysia (CSM) in order to have a comprehensive law on cyber security that ensures the wellbeing of the public is complied with. 

Asked on the timeline for the matter to be brought into the Parliament, he said the ministry is hoping to be able to do that in the near future. 

Commenting further, Fahmi said the Communications and Digital Ministry (KKD) received between seven and 10 cyber security incidents per week, including phishing, data leaks and website defacements. 

“The most important aspect to monitor is data leakage, and what we (the ministry) have noticed is that there are incidents of alleged data leakage on a weekly basis. 

“Oftentimes, it affects both the private and public sectors. The root cause appears to be some kind of exploits in the programming code on websites that enable these third parties to take advantage and enter the system to extract information,” he said. 

Although unable to provide the current status of solved cases, Fahmi explained that the information received by CSM either through social media or reported directly will be prompted to the Data Protection Department and National Cyber Security Agency (NACSA). 

“Subsequently, both agencies will get in touch with the respective organisation or company where the alleged breach has taken place,” he said. 

Fahmi also shared that the common modus operandi of cyber criminals revolves around hacking an obsolete system which allows them to breach the data and gather the information. 

“At least from what I can see, it involves outdated systems that were constructed several years ago,” he said, and reminded the public not to take the matter lightly as this is a problem that targets all. 

“If we have any kind of asset and infrastructure that particularly hold data, we should engage with a cyber security team to assess the vulnerability of the websites and the critical information infrastructure. 

“Once a cybersecurity problem occurs, it would be too late. So, we all have to be proactive and play our part. It is better for us to look into this proactively on our own,” he said. 

Weighing on the same issue, Malaysian Cyber Consumer Association (MCCA) chairman Datuk Ahmad Noordin Ismail said it is a good initiative from the government to establish a Malaysian Cyber Security Commission. 

However, he said, the government should still ensure that the law is defined properly as the body should not take over the job of the police in conducting investigations. 

“They should leave the investigation to the police who have more expertise in the field. 

“The other thing about cyber security is that private agencies out there are not being monitored so we do not know whether they are doing it correctly or not,” he told TMR. 

The former Bukit Aman Commercial Crime Investigation Department (Cyber and Multimedia Investigation) deputy director also said that the common modus operandi of the offenders usually revolves around instilling fear among the public, hence the government should make more effort to trace cyber criminals and do more outreach programmes to educate consumers. 

  • This article first appeared in The Malaysian Reserve weekly print edition