The National Cyber Security Policy

Transcription

1 The Natinal Cyber Security Plicy Ministry f Science, Technlgy and Innvatin f Malaysia (MOSTI) The Natinal Cyber Security Plicy Page 1 f 7

2 The Natinal Cyber Security Plicy Executive Summary Malaysia s jurney twards a knwledge-based ecnmy (K-ecnmy) began with the launch f Visin 2020 by the Prime Minister f Malaysia in February The grwing dependency n infrmatin systems, cupled with their inherent risks, benefits and pprtunities has made infrmatin security gvernance an increasingly critical driver in achieving Visin In recgnitin f this, the Ministry f Science, Technlgy and Innvatin (MOSTI) in 2005 cnduct a study n the develpment f a Natinal Cyber Security Plicy (NCSP). The bjectives f the study were t: 1) Assess the current situatin f infrmatin security within the Critical Natinal Infrmatin Infrastructure (CNII) sectrs; 2) Advise n the enhancements t be made in the field f infrmatin security fr each f the CNII sectrs; 3) Frmulate a natinal cyber security plicy, based n the results frm bjectives 1 and 2; and 4) Chart ut a radmap and actin plan fr the implementatin f the NCSP. Page 2 f 7

3 The Natinal Cyber Security Plicy NATIONAL CYBER SECURITY POLICY (NCSP) Five key aspects have been identified which made up the NCSP Framewrk. The key aspects are: Legislatin and Regulatry Technlgy Public Private Cperatin Institutinal Internatinal The CNII is defined as thse assets (real and virtual), systems and functins that are vital t the natin that their incapacity r destructin wuld have a devastating impact n: 1) natinal ecnmic strength; 2) natinal image; 3) natinal defense and security; 4) gvernment capabilities t functin; and 5) public health and safety. The fllwing ten sectrs have been identified as Malaysia s CNII: 1. Defence and Security 2. Transprtatin 3. Banking and Finance 4. Health Services 5. Energy 6. Infrmatin and Cmmunicatins 7. Water 8. Emergency Services 9. Gvernment 10. Fd and Agriculture Page 3 f 7

4 The Natinal Cyber Security Plicy The main highlights f the assessment in the develpment f the NCSP are: Strength: Natinal infrmatin security entities have been established and are peratinal, Gvernment and regulatry bdies are actively invlved in infrmatin security within the gvernment, finance and cmmunicatins sectrs, Laws and regulatins pertaining t infrmatin security have been enrlled and are being enfrced: Cmmunicatins and Multimedia Act 1998 by the Malaysian Cmmunicatins and Multimedia Cmmissin (MCMC) Cmputer Crimes Act 1997 by the Ryal Malaysia Plice (Plis Diraja Malaysia PDRM) Digital Signature Act 1997 by MCMC Malaysian standards fr infrmatin security management and assurance exist: MS ISO and MS ISO Infrmatin security R&D is being cnducted at universities, in industry and at gvernment linked research institutins Incident respnse services are available frm CyberSecurity Malaysia. Amngst thers, MOSTI, the Ministry f Infrmatin, Cmmunicatins and Culture (MICC), CyberSecurity Malaysia and MCMC are actively participating in internatinal frums n infrmatin security cmpliance and enfrcement. Challenges: Enhancing the cperatin between gvernment agencies, regulatry bdies and the private sectr. Develping and prmting infrmatin exchange mechanisms. Ensuring infrmatin security related laws and regulatins are cmprehensive. Standardizing minimum r mandatry infrmatin security requirements. Page 4 f 7

5 The Natinal Cyber Security Plicy Cnsistently enfrcing minimum r mandatry infrmatin security requirements. Building capacity in qualified and experienced infrmatin security prfessinals and law enfrcement persnnel. Extending the breadth and depth f infrmatin security educatin and awareness prgrammes. Enhancing the crdinatin f infrmatin security R&D. Reducing reliance n freign technlgy. Standardizing infrmatin security plicy, business cntinuity management and risk management framewrks. Imprving reprting f, and respnse t infrmatin security incidents. Opprtunities: Prmte Stability Reduced the risk f disruptin t critical services. Reduced cyber crime and fraud. Scial Wellbeing Increased the use and early adptin f new technlgies. Expansin f the nline service prvisin. Wealth Creatin Increased public use f nline services. Develpment f infrmatin security industry and intellectual prperty. Attractin f inward investments. Page 5 f 7

6 The Natinal Cyber Security Plicy The Natinal Cyber Security Plicy has the fllwing visin statement: Malaysia's Critical Natinal Infrmatin Infrastructure shall be secure, resilient and self-reliant. Infused with a culture f security, it will prmte stability, scial well being and wealth creatin The Natinal Cyber Security Plicy has eight plicy thrusts areas fr further cnsideratin. The thrust areas, pssible utcmes and thrust drivers are summarised in the diagram belw: The Gvernance Structure Each f the thrusts is inter-related with each ther and has its wn rle in mitigating cyber incidents and disruptins t the CNII. Effective gvernance, MOSTI as the thrust driver is t ensure that the implementatin f the NCSP is develped and crdinated prperly by bdies r parties hld the apprpriate authrity. Therefre effective infrmatin sharing between public and the private sectrs shuld be established. Page 6 f 7

7 The Natinal Cyber Security Plicy The diagram shwn any decisins made at the higher level will be translated int actins at the lwer level. One f NaCSAC respnsibility is t advise and endrse cyber security plicies acrss the Critical Natinal Infrmatin Infrastructure (CNII). The Natinal Cyber Security Plicy has a three-phased apprach fr the initiatives t be implemented. The first phase is t address immediate cncerns and t ensure that fundamental vulnerabilities are dealt with. Develpment f the cyber security infrastructure happens in the secnd phase, and in the third phase systems and prcesses that ensure cntinuus imprvement f infrmatin security within the CNII is established. Way Frward T mve twards the secure, resilient and self reliant CNII as laid ut in the visin statement, it is recmmended t adpt, implement and institutinalize f the eight plicy thrusts and the recmmendatins made by the Natinal Cyber Security Plicy. Once implemented it is cnfident that Malaysia s CNII will be better placed t meet the challenges and pprtunities that the technlgical advancement brings and that it will help t achieve the bjectives f Visin Page 7 f 7