Malaysia's National Cyber Security Policy

download Malaysia's National Cyber Security Policy

of 47

  • date post

    15-Jul-2015
  • Category

    Technology

  • view

    7.196
  • download

    10

Embed Size (px)

Transcript of Malaysia's National Cyber Security Policy

  • Copyright 2013 CyberSecurity Malaysia

    MALAYSIAS NATIONAL CYBER SECURITY POLICY An Integrated Approach For Cyber Security And Critical Information Infrastructure Protection

    10 September 2013 Bandung, Indonesia

    MOHD SHAMIR B HASHIM Vice President Government and Multilateral Engagement

  • Copyright 2013 CyberSecurity Malaysia

    Critical infrastructures are increasingly dependent on information and communication. The potential natural disasters or terrorist attacks, which threaten the critical infrastructure and critical

    information infrastructure as well, are dramatically increasing today. Risks to the CIIs include man-made attacks, natural disasters and technical failures. The high dependence on CNIIs, their cross-border interconnectedness and interdependencies with

    other infrastructures, as well as the vulnerabilities and threats they face raise the need to address their security and resilience in a systematic perspective as the frontline of defense against failures and attacks.

    Cyber Threats CRITICAL INFORMATION INFRASTRUCTURES

    POWER GENERATION

    SERVICES

    DISTRIBUTION

    Interdependencies The high degree of

    interdependency between the critical infrastructure sectors means failures in one sector can propagate into others.

    2

  • Copyright 2013 CyberSecurity Malaysia

    Cyber Content Related Threats Technology Related Threats

    Hack Threat

    Fraud

    Denial of Service Attack

    Intrusion

    Malicious Code

    Harassment

    Threats to National Security

    Sedition / Defamation

    Online Porn

    Hate Speech

    3

    Cyber Threats CLASIFICATIONS

  • Copyright 2013 CyberSecurity Malaysia 4

    2005

    National Cyber Security Policy formulated by MOSTI

    NCSP Adoption and Implementation 20

    06

    CyberSecurity Malaysia launched by

    Prime Minister of Malaysia on 20 Aug 2007

    2007

    The policy recognises the critical and highly interdependent nature of the CNII and aims to

    develop and establish a comprehensive programme and a series of frameworks that will ensure the effectiveness of cyber security controls over vital assets

    NCSP Objectives

    Address The Risks To The Critical National

    Information Infrastructure

    Ensure That Critical Infrastructure Are

    Protected To A Level That Is

    Commensurate With The Risks

    Develop And Establish A

    Comprehensive Program And A

    Series Of Frameworks

    Cyber Security Governance NATIONAL CYBER SECURITY POLICY

    4

  • Copyright 2013 CyberSecurity Malaysia

    VISION Malaysia's Critical National Information Infrastructure shall be secure, resilient and

    self-reliant. Infused with a culture of security, it will promote stability, social well being and wealth creation

    5

    DEFENCE & SECURITY Ministry of Defense, Military Ministry of Home Affairs, Police

    TRANSPORTATION Ministry of Transport

    BANKING & FINANCE Ministry of Finance Central Bank Securities Commission

    HEALTH SERVICES Ministry of Health

    EMERGENCY SERVICES Ministry of Housing & Local Municipality

    CRITICAL NATIONAL INFORMATION INFRASTRUCTURE

    Assets (real & virtual), systems and functions that are vital to the nation that their incapacity or destruction would have a devastating impact on National Defense & Security

    National Economic Strength

    National Image Government capability to function

    Public Health & Safety

    ENERGY Energy Commission

    INFORMATION & COMMUNICATIONS Ministry of Communications & Multimedia

    GOVERNMENT Malaysia Administrative, Modernisation and Management Planning Unit

    FOOD & AGRICULTURE Ministry of Agriculture

    WATER National Water Service Commission

    National Cyber Security Policy CNII SECTORS

  • Copyright 2013 CyberSecurity Malaysia

    Effective Governance National Security Council

    Legislation & Regulatory Framework Attorney Generals Office

    Cyber Security Technology Framework Ministry of Science,

    Technology and Innovation

    Culture of Security and Capacity Building

    Ministry of Science, Technology and

    Innovation

    Research & Development Towards Self Reliance

    Ministry of Science, Technology and

    Innovation

    Compliance & Enforcement Ministry of Information,

    Communications & Culture

    Cyber Security Emergency Readiness National Security Council

    International Collaboration Ministry of Information,

    Communications & Culture

    1 2345678

    6

    National Cyber Security Policy POLICY THRUST

  • Copyright 2013 CyberSecurity Malaysia

    Effective Governance National Security Council

    Legislation & Regulatory Framework Attorney Generals Office

    Cyber Security Technology Framework Ministry of Science,

    Technology and Innovation

    Culture of Security and Capacity Building

    Ministry of Science, Technology and

    Innovation

    Research & Development Towards Self Reliance

    Ministry of Science, Technology and

    Innovation

    Compliance & Enforcement Ministry of Information,

    Communications & Culture

    Cyber Security Emergency Readiness National Security Council

    International Collaboration Ministry of Information,

    Communications & Culture

    1 2345678

    7

    National Cyber Security Policy POLICY THRUST

  • Copyright 2013 CyberSecurity Malaysia

    CyberSecurity Malaysia (www.cybersecurity.my) A NATIONAL CYBER SECURITY SPECIALIST AGENCY UNDER THE MINISTRY OF SCIENCE, TECHNOLOGY AND INNOVATION (www.mosti.gov.my).

    Pt 1: Effective Governance CYBERSECURITY MALAYSIA

    Ministerial Function Act1969, Amendment 2009

    Provides specialised ICT security services and continuously identifies

    possible areas that may be detrimental to national security

    Cabinet Notes 2005 Ministry of Finance and Ministry of Science, Technology & Innovation

    CyberSecurity Malaysia as a National Body to monitor aspects of the National e-

    Security

    VISION To be a globally recognised National

    Cyber Security Reference and Specialist Centre by 2020

    MISSION Creating and Sustaining a Safer Cyberspace to Promote National

    Sustainability, Social Well-Being and Wealth Creation

    8

    Establishment of a national info security coordination

    centre

  • Copyright 2013 CyberSecurity Malaysia

    STRATEGY ENGAGEMENT &

    RESEARCH

    INFO SECURITY PROFESSIONAL

    DEVELOPMENT & OUTREACH

    SECURITY QUALITY MANAGEMENT

    SERVICES

    CYBER SECURITY EMERGENCY

    SERVICES

    Digital Forensics

    Security Management & Best

    Practices Info Security Professional Development

    Outreach

    Strategy Engagement

    Research

    Information Security Certification Body

    CyberSecurity Malaysia CORE FUNCTIONS / SERVICES

    Security Assurance

    Security Incident Handling

    9

  • Copyright 2013 CyberSecurity Malaysia

    National Security Council Chair : Y.A.B. Prime Minister Secretariat: NSC

    E-Sovereignty Working Group Chair : Under Secretary of NSC

    National Cyber

    Security Coordination Committee

    Chair : NSC Secretariat : NSC

    Government Communication

    Strategy Enhancement

    Committee

    Chair : PMO Secreatriat : BHEUU

    National Cyber Crisis Coordination Committee

    Chair : PMO

    Secretariat : NSC

    Cyber Law Committee

    Chair : AGC Secretariat : AGC

    National Acculturation

    & Capacity Building

    Committee

    Chair : MOSTI Secretariat :

    MOSTI

    MICC compliance & Enforcement Committee

    Chair : MICC Secretariat :

    MICC

    E-Sovereignty Committee Chair : Y.A.B. Deputy Prime Minister Secretariat: NSC

    National IT Council (NITC) Chair : Y.A.B. Prime Minister Secretariat: MOSTI

    POLICY CONTENT CRISIS MANAGEMENT LEGISLATION

    ACCULTURATION & CAPACITY BUILDING

    COMPLIANCE & ENFORCEMENT

    Pt 1: Effective Governance ORGANIZATION STRUCTURE

    10

  • Copyright 2013 CyberSecurity Malaysia 11

    MAMPU National Security Council Attorney Generals Chambers Chief Government Security Office Ministry of Science, Technology & Innovation Ministry of Defense Ministry of Foreign Affairs Ministry of Energy, Green Technology & Water Ministry of Information, Communication & Culture Ministry of Transportation Ministry of Home Affairs Royal Malaysian Police Southeast Asia Regional Center for Counter-Terrorism Bank Negara Malaysia National Water Services Commission Malaysian Communication & Multimedia Commission Energy Commission Securities Commission Malaysia Khazanah Nasional Berhad CyberSecurity Malaysia MIMOS Berhad Standards Malaysia

    Pt 1: Effective Governance NATIONAL COORDINATION COMMITTEE

  • Copyright 2013 CyberSecurity Malaysia

    Effective Governance National Security Council

    Legislation & Regulatory Framework Attorney Generals Office

    Cyber Security Technology Framework Ministry of Science,

    Technology and Innovation

    Culture of Security and Capacity Building

    Ministry of Science, Technology and

    Innovation

    Research & Development Towards Self Reliance

    Ministry of Science, Technology and

    Innovation

    Compliance & Enforcement Ministry of Information,

    Communications & Culture

    Cyber S