The role of CyberSecurity Malaysia towards cyber security industry development in Malaysia

Transcription

1 The role of CyberSecurity Malaysia towards cyber security industry development in Malaysia Presentation by Dr. Amirudin Abdul Wahab Chief Executive Officer CyberSecurity Malaysia NATIONAL CYBERSECURITY TECHNICAL SPECIALIST AGENCY 9 th June

2 OUTLINE Global & Malaysia Cyber Security Landscape Driving Nation s Sovereignty & Economy Through Cyber Security National Cyber Security Policy (NCSP) Cybersecurity Malaysia (CSM) Our Initiatives To Spur Cyber Security Industry In Malaysia Way Forward 2

3 The World Today is HIGHLY CONNECTED 2,749 million * Digital citizens worldwide (ITU 2013) 5 billion in 2015 (Nokia Siemen) 46% 19.2 mil Digital citizens in Malaysia (Malaysia Communication and Multimedia Commission 2013) 1,269 million * Digital citizens in Asia & Pacific (ITU 2013) 3

4 The World Today is HIGHLY CONNECTED 2,405,518,376 Digital citizens worldwide (as of June 2012) Digital citizens in Malaysia Source: The Star Newspaper 17 November % 17,723,000 1,076,681,059 Digital citizens in Asia 4

5 Trends of Computing Technology Is Double-Edged Weapon Mobile Devices Big Data Internet of Things 5

6 TREND OF MALAYSIA CYBER SECURITY THREATS IN 2015 CYBER SPACE 4,581 Reported Case on General Incident Classification CYBER HARASSMENT 889,469 Reported Case of Malware & Botnet Drones Infection Info: 156,357 Reported Spam s FRAUD! 6

7 Cyber Security Incidents ( ) Managed more than 66,000 incidents 16,000 14,000 12,000 10,000 8,000 6,000 Type of incidents: 1. Intrusion 2. Intrusion Attempt 3. Denial of Service Attack (DOS) 4. Fraud 5. Cyber Harassment 6. Spam 7. Content Related 8. Vulnerabilities Report 9. Malicious Codes 8,090 15,218 9,986 As of 31 st May ,000 2, , Number of cyber security incidents referred to CyberSecurity Malaysia (excluding spams) 1,038 2,123 3,566 7

8 ISSUES & CHALLENGES - Malaysia Ranked 9th In Malware Attacks Top 15 countries with highest numbers of users attacked between April 2013 and July Malaysia: 1.97% out of 3,408,112 malware attacks Source: Mobile Cyber Threats. Kaspersky Lab & INTERPOL Joint Report, October

9 ISSUES & CHALLENGES - Online Banking Malware Attacks Source: TREND MICRO TrendLabs 2Q 2014 Security Roundup 9

10 OUTLINE Global & Malaysia Cyber Security Landscape Driving Nation s Sovereignty & Economy Through Cyber Security National Cyber Security Policy (NCSP) Cybersecurity Malaysia (CSM) Our Initiatives To Spur Cyber Security Industry In Malaysia Way Forward 10

11 Cyber security drives the security and economy of a nation America's economic prosperity in the 21st century will depend on cybersecurity Cyberspace, and the technologies that enable it, allow people of every nationality, race, faith, and point of view to communicate, cooperate, and prosper like never before. President Obama, May

12 Our aspiration to enhance the nation s standard compliance to improve cyber security, privacy and spur the growth of the industry VISION2020 High Inco me NCSP (National Cyber Security Policy) Preservation and Enhancement of Unity in Diversity 1Malaysia People First, Performance Now Towards Digital Economy Effective Delivery of Government services Government Transformation Programme (GTP) 6 National Key Result Areas (NKRAs) Cyber Security & Economic Innovation are mutually reinforcing Inclusiven ess Rakyat Quality of Life Sustainabi lity New Economic Model: A high Income, inclusive and sustainable nation Economic Transformation Programme (ETP) A High Income, Inclusive and Sustainable Nation Cyber Space as Key Enabler Smooth Implementation of government development programme 10 th & 11 TH Malaysia Plan Macroeconomic growth targets & expenditure allocation Cyber Security as a New Source of Growth NCSP is a Government policy To Protect the Critical National Information Infrastructure (CNII) Strengthens CNII resiliency & enable GTP to run smoothly Revolution of IT & threats created cyber security as New Source of Growth Contributing approximately RM8.8 Billion revenue and highest export amongst IT sector mounting to high income jobs

13 Malaysia: Cybersecurity as new source of economic growth 13

14 Cybersecurity Industry in Malaysia has potential to grow to RM 8.8 bil by 2020 The cyber security market is estimated to grow from $95.60 billion in 2014 to $ billion by 2019, at a Compound Annual Growth Rate (CAGR) of 10.3% from 2014 to Embracing and implementing cybersecurity standards and best practices will catalyst further adoption of IT technology to enable Malaysia to be a high technology nation. Malaysia already has a good international cybersecurity credibility, but have yet to fully capitalize on business opportunities. Strengthening the capability and innovation in cybersecurity industry has the potential to spill over to other ICT areas e.g. software, networking, service industry, e-commerce. The report Cyber Security Market (IAM, Encryption, DLP, Risk and Compliance Management, IDS/IPS, UTM, Firewall, Antivirus/Antimalware, SVM/SIEM, Disaster Recovery, DDoS Mitigation, Web Filtering, Security Services) - Global Advancements, Forecasts & Analysis ( ), defines and segments the global cyber security market into various sub-segments with in-depth analysis and forecast of revenues. It also identifies drivers and restraints for this market with insights into trends, opportunities, and challenges. 14

15 What steps have been taken by the Malaysian Government to keep cyber threats under control? One of the most important step is creating : National Cyber Security Policy (NCSP) Establishing CyberSecurity Malaysia to implement NCSP

16 OUTLINE Global & Malaysia Cyber Security Landscape Driving Nation s Sovereignty & Economy Through Cyber Security National Cyber Security Policy (NCSP) Cybersecurity Malaysia (CSM) Our Initiatives To Spur Cyber Security Industry In Malaysia Way Forward 16

17 THE NATIONAL CYBER SECURITY POLICY (NCSP) - Objective 2007 NCSP Objectives 2005 National Cyber Security Policy formulated by MOSTI 2006 NCSP Adoption and Implementation CyberSecurity Malaysia launched by Prime Minister of Malaysia on 20 Aug 2007 Malaysia s Ministry of Science, Technology & Innovation (MOSTI) carried out the study on the National Cyber Security Policy (NCSP) in 2005 National IT Council (NITC) Meeting on 7 Apr 2006 agreed to implement NCSP and establishment of the Malaysia Cyber Security Centre to administer NCSP. NCSP was endorsed by the Cabinet in May CyberSecurity Malaysia launched by Prime Minister of Malaysia on 20 Aug 2007 The policy recognises the critical and highly interdependent nature of the CNII and aims to develop and establish a comprehensive programme and a series of frameworks that will ensure the effectiveness of cyber security controls over vital assets Address The Risks To The Critical National Information Infrastructure Ensure That Critical Infrastructure Are Protected To A Level That Is Commensurate With The Risks Develop And Establish A Comprehensive Program And A Series Of Frameworks 17

18 NATIONAL CYBER SECURITY POLICY VISION Malaysia's Critical National Information Infrastructure shall be secure, resilient and self reliant. Infused with a culture of security, it will promote stability, social well being and wealth creation. T1 NSC Effective Governance Establishment of a national info security coordination centre, effective institutional arrangements & Public Private Cooperation T5 MOSTI R & D Towards Self Reliance Acceptance & utilization of locally developed info security products NCSP THRUST AGC Legislation & Regulatory Framework Reduction of cybercrime & increased success in the prosecution in cyber crime T3 MOSTI Cyber Security Technology Framework Expansion of national certification scheme for InfoSec management & assurance T2 MICC Compliance & Enforcement Strengthen or include infosec enforcement role in all CNII regulators T7 T6 NSC Cyber Security Emergency Readiness CNII resilience against cyber crime, terrorism, info warfare MOSTI Culture Of Security & Capacity Building Reduced no. of InfoSec incidents through improved awareness & skill level T4 MICC International Cooperation International cooperation & branding on CNII protection with improved awareness & skill level T8 CNII Assets (real & virtual), systems and functions that are vital to the nation that their incapacity or destruction would have a devastating impact on: National Defense & Security National Economic Strength National Image Government capability to function Public Health & Safety CNII SECTOR Defence & Security Transportation Banking & Finance Government Information & Communications Energy Emergency Services Water Food & Agriculture Health Services

19 OUTLINE Global & Malaysia Cyber Security Landscape Driving Nation s Sovereignty & Economy Through Cyber Security National Cyber Security Policy (NCSP) Cybersecurity Malaysia (CSM) Our Initiatives To Spur Cyber Security Industry In Malaysia Way Forward 19

20 CyberSecurity Malaysia HISTORY 20 Aug 2007 Officially launched by Prime Minister of Malaysia 2007 Official Registration CyberSecurity Malaysia 2006 Transition phase: NISER CyberSecurity Malaysia 2001 NISER (National ICT Security & Emergency Response Centre) 1997 MyCERT (Malaysian Computer Emergency Response Team) Core functions 1997 MyCERT 2001 NISER 2007 CyberSecurity Malaysia 1. National Cyber Security Policy Implementer 2.National Technical Coordination Centre 3.Cyber Threat Research & Risk Centre 4.Security Quality Management Services Provider 5.Information Security Professional Devt & Outreach 6.Cyber Emergency Services Provider 7.Malaysia s Computer Emergency Response Team 20

21 CyberSecurity Malaysia OBJECTIVES & MANDATE A NATIONAL CYBER SECURITY SPECIALIST AGENCY UNDER THE MINISTRY OF SCIENCE, TECHNOLOGY AND INNOVATION Vision To be a globally recognized National Cyber Security Reference and Specialist Centre by 2020 Mission Creating and Sustaining a Safer Cyberspace to Promote National Sustainability, Social Well-Being and Wealth Creation MANDATE Cabinet Notes 2005 Ministry of Finance and Ministry of Science, Technology & Innovation CyberSecurity Malaysia as a National Body to monitor aspects of the National e- Security Ministerial Function Act1969, Amendment 2013 Provides specialised ICT security services and continuously identifies possible areas that may be detrimental to national security Arahan No. 24 Dasar dan Mekanisme Pengurusan Krisis Siber Negara Majlis Keselamatan Negara 2011 Peranan agensi pakar klausa 16 mukasurat CyberSecurity Malaysia sebagai agensi pakar hendaklah memberi sokongan dan bantuan teknikal serta menyediakan perkhidmatan latihan dalam pengurusan krisis siber negara 21

22 Strategy Roadmap MISSION To create and sustain a safer cyberspace to promote National Sustainability, Social Well-Being and Wealth Creation VISION To be a globally recognised National Cyber Security Reference and Specialist Centre by 2020 Preliminary Phase [RMK 8] Phase I [RMK 9] Phase II [RMK 10] Phase III [RMK 11] Development of nation s cybersecurity foundation Addressing Immediate Concerns & Building Infrastructure Capability & Capacity Spearheading National Info Security Resiliency & Self Reliance Globally Recognized, National Cyber Security Reference & Specialist Centre 22

23 CyberSecurity Malaysia CORE SERVICES CYBER SECURITY STRATEGIC ENGAGEMENT & RESEARCH Strategic Engagement Research CYBER SECURITY EMERGENCY SERVICES Security Incident Handling Digital Forensics INFO SECURITY PROFESSIONAL DEVELOPMENT & OUTREACH Info Security Professional Development Outreach SECURITY QUALITY MANAGEMENT SERVICES & INDUSTRY DEVELOPMENT Security Assurance (MyVAC & MySEF) Information Security Certification MyCyberClinic & EDP CSM-ACE 23

24 OUTLINE Global & Malaysia Cyber Security Landscape Driving Nation s Sovereignty & Economy Through Cyber Security National Cyber Security Policy (NCSP) Cybersecurity Malaysia (CSM) Our Initiatives To Spur Cyber Security Industry In Malaysia Way Forward 24

25 Info Security Professional Development CAPACITY BUILDING Man behind the machine is THE critical factor Develops curriculum in cyber security for colleges, polytechnics and universities to build expertise in cyber security with MOE Provides competency and professional training programmes Collaboration between CyberSecurity Malaysia and Institute of Higher Learning (IHL) in various comprehensive cyber security modules Information Security Professionals Help nurture the information security workforce with the required knowledge and skills by providing information security competency and capability courses and certifications. Strategic collaborations with reputable organizations in Malaysia and international accreditation institutions 25

26 Security Quality Management Services SECURITY ASSURANCE ASSESSMENT & EVALUATION ICT Product Security Assessment (IPSA) Services Vulnerability Assessment Services Common Criteria (CC) Evaluation Services for ICT Products and Protection Profiles Vulnerability Assessment Services Conduct the following services for Critical National Information Infrastructure (CNIIs) : Vulnerability Assessment & Penetration Testing (VAPT) for Vulnerability Assessment for Control Systems (SCADA/DCS) to CNII Inspectorate reporting services * Trustmark Technical Security Assessment services Common Criteria Protection Profile evaluation services provides customers with validated security requirements to support selection and procurement of ICT products. MySEF lab is MS ISO/IEC accredited. 26

27 Cyber Security Certification CYBER SECURITY CERTIFICATION Security Product Certification E-Business Validation Information Security Management System Certification 41 products certified 28 websites certified 21 organizations certified Evaluate and certify the security functions of ICT products based on ISO/IEC international standard also known as Common Criteria. Using the guidelines from the World Trustmark Alliance (WTA) to validate the e-business website security, legality and good e-business behaviour under the Malaysia Trustmark for Private Sector (MTPS) programme. Certify organization s Information Security Management System scope based on the MS ISO/IEC

28 Entrepreneurship Development Program Cyber CSI ICT Services Training & Awareness DATA RECOVERY DATA SANITIZATION DIGITAL FORENSIC SERVICES PC DIAGNOSTIC SOFTWARE & HARDWARE CONSULTANCIES PROFESSIONAL CERTIFICATION & OUTREACH PROGRAMS O BJ C E T I V E S Provide an avenue for people to obtain assistance and to resolve issues from a trusted service provider at competitive cost Provide an avenue for building up entrepreneurs & creation of jobs through partnership with the industry in running the clinics 28

29 CyberSecurity Malaysia Awards, Conference & Exhibition 2015 CSM-ACE

30 INTERNATIONALIZATION OF CYBER SECURITY SERVICES in Malaysia s relevant cyber interests at opportunities at security meetings international cyber international cyber and events to security platforms security platforms promote Malaysia s and act on where Malaysia can ENGAGEParticipate positions and elements where vie for positions to interests in the said Malaysia can get play a leadership meetings and PRIORITIZEEvaluate tangible benefits role to project events LEADERSHIPExplore Malaysia s image and voice on third world interests and promote Malaysia s interests APCERT 30

31 OUTLINE Global & Malaysia Cyber Security Landscape Driving Nation s Sovereignty & Economy Through Cyber Security National Cyber Security Policy (NCSP) Cybersecurity Malaysia (CSM) Our Initiatives To Spur Cyber Security Industry In Malaysia Way Forward 31

32 1. ISMS Certification to preserve confidentiality, integrity and availability of information assets 2. Malaysia Trustmark for secure e-business websites 3. ICT products evaluation and certification under the Common Criteria ISO/IEC

33 AND to minimise risks 1. Rethink approach to IT security Proactive senior management involvement IT security = business enabler, not infrastructure cost Align IT security strategy to corporate risk management objectives 2. Update security policies Organisations need to handle new trends like BYOD and cloud etc 3. Adopt intelligent multi-layer defence Application security is important in a Web-centric world 4. Maintain up-to-date systems (e.g. patches) 5. Educate users on security best practices 33

34 34