The role of CyberSecurity Malaysia towards cyber security industry development in Malaysia




The role of CyberSecurity Malaysia towards cyber security industry development in Malaysia
Presentation by Dr. Amirudin Abdul Wahab, Chief Executive Officer, CyberSecurity Malaysia
NATIONAL CYBERSECURITY TECHNICAL SPECIALIST AGENCY
9th June 2015

OUTLINE
- Global & Malaysia Cyber Security Landscape
- Driving Nation's Sovereignty & Economy Through Cyber Security
- National Cyber Security Policy (NCSP)
- Cybersecurity Malaysia (CSM)
- Our Initiatives To Spur Cyber Security Industry In Malaysia
- Way Forward

The World Today is HIGHLY CONNECTED
- 2,749 million* digital citizens worldwide (ITU 2013); 5 billion in 2015 (Nokia Siemens)
- 46%
- 19.2 mil digital citizens in Malaysia (Malaysia Communication and Multimedia Commission 2013)
- 1,269 million* digital citizens in Asia & Pacific (ITU 2013)

The World Today is HIGHLY CONNECTED
- 2,405,518,376 digital citizens worldwide (as of June 2012)
- 17,723,000 digital citizens in Malaysia
- 44%
- 1,076,681,059 digital citizens in Asia
Source: The Star Newspaper, 17 November 2012

Trends of Computing Technology Is Double-Edged Weapon
- Mobile Devices
- Big Data
- Internet of Things

TREND OF MALAYSIA CYBER SECURITY THREATS IN 2015
- 4,581 reported cases on General Incident Classification
- 889,469 reported cases of Malware & Botnet Drones Infection
- 156,357 reported Spam Emails
Slide graphics: CYBER SPACE, CYBER HARASSMENT, FRAUD!
Info: www.mycert.my

Cyber Security Incidents (1997-2015)
Managed more than 66,000 incidents.
Type of incidents: 1. Intrusion 2. Intrusion Attempt 3. Denial of Service Attack (DOS) 4. Fraud 5. Cyber Harassment 6. Spam 7. Content Related 8. Vulnerabilities Report 9. Malicious Codes
[Bar chart: Number of cyber security incidents referred to CyberSecurity Malaysia (excluding spams), by year, as of 31st May 2015]
1997: 81; 1998: 196; 1999: 527; 2000: 347; 2001: 860; 2002: 625; 2003: 912; 2004: 915; 2005: 754; 2006: 1,372; 2007: 1,038; 2008: 2,123; 2009: 3,566; 2010: 8,090; 2011: 15,218; 2012: 9,986; 2013: 10,636; 2014: 11,918; 2015: 4,581

ISSUES & CHALLENGES - Malaysia Ranked 9th In Malware Attacks
Top 15 countries with highest numbers of users attacked between April 2013 and July 2014.
Malaysia: 1.97% out of 3,408,112 malware attacks
Source: Mobile Cyber Threats. Kaspersky Lab & INTERPOL Joint Report, October 2014

ISSUES & CHALLENGES - Online Banking Malware Attacks
Source: TREND MICRO TrendLabs 2Q 2014 Security Roundup


Cyber security drives the security and economy of a nation
"America's economic prosperity in the 21st century will depend on cybersecurity"
"Cyberspace, and the technologies that enable it, allow people of every nationality, race, faith, and point of view to communicate, cooperate, and prosper like never before."
President Obama, May 2009

Our aspiration to enhance the nation's standard compliance to improve cyber security, privacy and spur the growth of the industry

VISION 2020
NCSP (National Cyber Security Policy)
- 1Malaysia: People First, Performance Now. Preservation and Enhancement of Unity in Diversity
- Government Transformation Programme (GTP), 6 National Key Result Areas (NKRAs): Effective Delivery of Government services
- Economic Transformation Programme (ETP), New Economic Model: A High Income, Inclusive and Sustainable Nation (High Income, Inclusiveness, Sustainability; Rakyat Quality of Life)
- 10th & 11th Malaysia Plan: Smooth Implementation of government development programme. Macroeconomic growth targets & expenditure allocation

Towards Digital Economy
- Cyber Security & Economic Innovation are mutually reinforcing
- Cyber Space as Key Enabler

Cyber Security as a New Source of Growth
- NCSP is a Government policy to protect the Critical National Information Infrastructure (CNII)
- Strengthens CNII resiliency & enable GTP to run smoothly
- Revolution of IT & threats created cyber security as New Source of Growth
- Contributing approximately RM8.8 Billion revenue and highest export amongst IT sector mounting to high income jobs

Malaysia: Cybersecurity as new source of economic growth

Cybersecurity Industry in Malaysia has potential to grow to RM 8.8 bil by 2020
- The cyber security market is estimated to grow from $95.60 billion in 2014 to $155.74 billion by 2019, at a Compound Annual Growth Rate (CAGR) of 10.3% from 2014 to 2019.
- Embracing and implementing cybersecurity standards and best practices will catalyse further adoption of IT technology to enable Malaysia to be a high technology nation.
- Malaysia already has good international cybersecurity credibility, but has yet to fully capitalize on business opportunities.
- Strengthening the capability and innovation in the cybersecurity industry has the potential to spill over to other ICT areas, e.g. software, networking, service industry, e-commerce.
The report "Cyber Security Market (IAM, Encryption, DLP, Risk and Compliance Management, IDS/IPS, UTM, Firewall, Antivirus/Antimalware, SVM/SIEM, Disaster Recovery, DDoS Mitigation, Web Filtering, Security Services) - Global Advancements, Forecasts & Analysis (2014-2019)" defines and segments the global cyber security market into various sub-segments with in-depth analysis and forecast of revenues. It also identifies drivers and restraints for this market with insights into trends, opportunities, and challenges.
http://www.marketsandmarkets.com/market-reports/cyber-security-market-505.html

What steps have been taken by the Malaysian Government to keep cyber threats under control?
One of the most important steps is creating the National Cyber Security Policy (NCSP) and establishing CyberSecurity Malaysia to implement NCSP.


THE NATIONAL CYBER SECURITY POLICY (NCSP) - Objective
- 2005: National Cyber Security Policy formulated by MOSTI. Malaysia's Ministry of Science, Technology & Innovation (MOSTI) carried out the study on the National Cyber Security Policy (NCSP) in 2005.
- 2006: NCSP Adoption and Implementation. National IT Council (NITC) Meeting on 7 Apr 2006 agreed to implement NCSP and establishment of the Malaysia Cyber Security Centre to administer NCSP. NCSP was endorsed by the Cabinet in May 2006.
- 2007: CyberSecurity Malaysia launched by Prime Minister of Malaysia on 20 Aug 2007.
The policy recognises the critical and highly interdependent nature of the CNII and aims to develop and establish a comprehensive programme and a series of frameworks that will ensure the effectiveness of cyber security controls over vital assets.
NCSP Objectives
- Address The Risks To The Critical National Information Infrastructure
- Ensure That Critical Infrastructure Are Protected To A Level That Is Commensurate With The Risks
- Develop And Establish A Comprehensive Program And A Series Of Frameworks

NATIONAL CYBER SECURITY POLICY
VISION: Malaysia's Critical National Information Infrastructure shall be secure, resilient and self reliant. Infused with a culture of security, it will promote stability, social well being and wealth creation.

NCSP THRUST
- T1 (NSC) Effective Governance: Establishment of a national info security coordination centre, effective institutional arrangements & Public Private Cooperation
- T2 (AGC) Legislation & Regulatory Framework: Reduction of cybercrime & increased success in the prosecution in cyber crime
- T3 (MOSTI) Cyber Security Technology Framework: Expansion of national certification scheme for InfoSec management & assurance
- T4 (MOSTI) Culture Of Security & Capacity Building: Reduced no. of InfoSec incidents through improved awareness & skill level
- T5 (MOSTI) R & D Towards Self Reliance: Acceptance & utilization of locally developed info security products
- T6 (MICC) Compliance & Enforcement: Strengthen or include infosec enforcement role in all CNII regulators
- T7 (NSC) Cyber Security Emergency Readiness: CNII resilience against cyber crime, terrorism, info warfare
- T8 (MICC) International Cooperation: International cooperation & branding on CNII protection with improved awareness & skill level

CNII: Assets (real & virtual), systems and functions that are vital to the nation that their incapacity or destruction would have a devastating impact on:
- National Defense & Security
- National Economic Strength
- National Image
- Government capability to function
- Public Health & Safety

CNII SECTOR
- Defence & Security
- Transportation
- Banking & Finance
- Government
- Information & Communications
- Energy
- Emergency Services
- Water
- Food & Agriculture
- Health Services


CyberSecurity Malaysia HISTORY
- 1997: MyCERT (Malaysian Computer Emergency Response Team)
- 2001: NISER (National ICT Security & Emergency Response Centre)
- 2006: Transition phase: NISER to CyberSecurity Malaysia
- 2007: Official Registration CyberSecurity Malaysia
- 20 Aug 2007: Officially launched by Prime Minister of Malaysia

Core functions
1. National Cyber Security Policy Implementer
2. National Technical Coordination Centre
3. Cyber Threat Research & Risk Centre
4. Security Quality Management Services Provider
5. Information Security Professional Devt & Outreach
6. Cyber Emergency Services Provider
7. Malaysia's Computer Emergency Response Team

CyberSecurity Malaysia OBJECTIVES & MANDATE
A NATIONAL CYBER SECURITY SPECIALIST AGENCY UNDER THE MINISTRY OF SCIENCE, TECHNOLOGY AND INNOVATION
Vision: To be a globally recognized National Cyber Security Reference and Specialist Centre by 2020
Mission: Creating and Sustaining a Safer Cyberspace to Promote National Sustainability, Social Well-Being and Wealth Creation

MANDATE
- Cabinet Notes 2005, Ministry of Finance and Ministry of Science, Technology & Innovation: CyberSecurity Malaysia as a National Body to monitor aspects of the National e-Security
- Ministerial Function Act 1969, Amendment 2013: Provides specialised ICT security services and continuously identifies possible areas that may be detrimental to national security
- Arahan No. 24 (Directive No. 24), Policy and Mechanism for National Cyber Crisis Management, National Security Council (Majlis Keselamatan Negara), 2011. Role of the specialist agency, clause 16, page 21: "16.1 CyberSecurity Malaysia, as the specialist agency, shall provide technical support and assistance and provide training services in national cyber crisis management."

Strategy Roadmap
MISSION: To create and sustain a safer cyberspace to promote National Sustainability, Social Well-Being and Wealth Creation
VISION: To be a globally recognised National Cyber Security Reference and Specialist Centre by 2020
Phases: Preliminary Phase [RMK 8], Phase I [RMK 9], Phase II [RMK 10], Phase III [RMK 11]
Timeline: 2005, 2010, 2015, 2020
Milestones, in the order shown: Development of nation's cybersecurity foundation; Addressing Immediate Concerns & Building Infrastructure Capability & Capacity; Spearheading National Info Security Resiliency & Self Reliance; Globally Recognized, National Cyber Security Reference & Specialist Centre

CyberSecurity Malaysia CORE SERVICES
- CYBER SECURITY STRATEGIC ENGAGEMENT & RESEARCH: Strategic Engagement; Research
- CYBER SECURITY EMERGENCY SERVICES: Security Incident Handling; Digital Forensics
- INFO SECURITY PROFESSIONAL DEVELOPMENT & OUTREACH: Info Security Professional Development; Outreach
- SECURITY QUALITY MANAGEMENT SERVICES & INDUSTRY DEVELOPMENT: Security Assurance (MyVAC & MySEF); Information Security Certification; MyCyberClinic & EDP; CSM-ACE


Info Security Professional Development
CAPACITY BUILDING: Man behind the machine is THE critical factor
- Develops curriculum in cyber security for colleges, polytechnics and universities to build expertise in cyber security with MOE
- Provides competency and professional training programmes
- Collaboration between CyberSecurity Malaysia and Institute of Higher Learning (IHL) in various comprehensive cyber security modules
Information Security Professionals
- Help nurture the information security workforce with the required knowledge and skills by providing information security competency and capability courses and certifications.
- Strategic collaborations with reputable organizations in Malaysia and international accreditation institutions

Security Quality Management Services
SECURITY ASSURANCE ASSESSMENT & EVALUATION
- ICT Product Security Assessment (IPSA) Services
- Vulnerability Assessment Services
- Common Criteria (CC) Evaluation Services for ICT Products and Protection Profiles

Vulnerability Assessment Services
Conduct the following services for Critical National Information Infrastructure (CNIIs):
Vulnerability Assessment & Penetration Testing (VAPT) for Vulnerability Assessment for Control Systems (SCADA/DCS) to CNII Inspectorate reporting services * Trustmark Technical Security Assessment services

Common Criteria Protection Profile evaluation services provide customers with validated security requirements to support selection and procurement of ICT products.
MySEF lab is MS ISO/IEC 17025 accredited.

CYBER SECURITY CERTIFICATION
http://csm27001.cybersecurity.my
- Security Product Certification (41 products certified): Evaluate and certify the security functions of ICT products based on ISO/IEC 15408 international standard, also known as Common Criteria.
- E-Business Validation (28 websites certified): Using the guidelines from the World Trustmark Alliance (WTA) to validate the e-business website security, legality and good e-business behaviour under the Malaysia Trustmark for Private Sector (MTPS) programme.
- Information Security Management System Certification (21 organizations certified): Certify organization's Information Security Management System scope based on the MS ISO/IEC 27001

Entrepreneurship Development Program
Cyber CSI: ICT Services, Training & Awareness
- DATA RECOVERY
- DATA SANITIZATION
- DIGITAL FORENSIC SERVICES
- PC DIAGNOSTIC
- SOFTWARE & HARDWARE CONSULTANCIES
- PROFESSIONAL CERTIFICATION & OUTREACH PROGRAMS
OBJECTIVES
- Provide an avenue for people to obtain assistance and to resolve issues from a trusted service provider at competitive cost
- Provide an avenue for building up entrepreneurs & creation of jobs through partnership with the industry in running the clinics

CyberSecurity Malaysia Awards, Conference & Exhibition 2015 (CSM-ACE 2015)

INTERNATIONALIZATION OF CYBER SECURITY SERVICES
- ENGAGE: Participate in Malaysia's relevant cyber security meetings and events to promote Malaysia's positions and interests in the said meetings and events
- PRIORITIZE: Evaluate interests at international cyber security platforms and act on elements where Malaysia can get tangible benefits
- LEADERSHIP: Explore opportunities at international cyber security platforms where Malaysia can vie for positions to play a leadership role to project Malaysia's image and voice on third world interests and promote Malaysia's interests
APCERT


1. ISMS Certification to preserve confidentiality, integrity and availability of information assets
2. Malaysia Trustmark for secure e-business websites
3. ICT products evaluation and certification under the Common Criteria ISO/IEC 15408

AND to minimise risks
1. Rethink approach to IT security
   - Proactive senior management involvement
   - IT security = business enabler, not infrastructure cost
   - Align IT security strategy to corporate risk management objectives
2. Update security policies
   - Organisations need to handle new trends like BYOD and cloud etc
3. Adopt intelligent multi-layer defence
   - Application security is important in a Web-centric world
4. Maintain up-to-date systems (e.g. patches)
5. Educate users on security best practices
