Copyright © 2013 CyberSecurity Malaysia
MALAYSIA’S NATIONAL CYBER SECURITY POLICY An Integrated Approach For Cyber Security And Critical Information Infrastructure Protection
10 September 2013 Bandung, Indonesia
MOHD SHAMIR B HASHIM Vice President Government and Multilateral Engagement
Copyright © 2013 CyberSecurity Malaysia
§ Critical infrastructures are increasingly dependent on information and communication. § The potential natural disasters or terrorist attacks, which threaten the critical infrastructure and critical
information infrastructure as well, are dramatically increasing today. § Risks to the CIIs include man-made attacks, natural disasters and technical failures. § The high dependence on CNIIs, their cross-border interconnectedness and interdependencies with
other infrastructures, as well as the vulnerabilities and threats they face raise the need to address their security and resilience in a systematic perspective as the frontline of defense against failures and attacks.
Cyber Threats CRITICAL INFORMATION INFRASTRUCTURES
POWER GENERATION
SERVICES
DISTRIBUTION
Interdependencies The high degree of
interdependency between the critical infrastructure sectors means failures in one sector can propagate into others.
2
Copyright © 2013 CyberSecurity Malaysia
Cyber Content Related Threats Technology Related Threats
Hack Threat
Fraud
Denial of Service Attack
Intrusion
Malicious Code
Harassment
Threats to National Security
Sedition / Defamation
Online Porn
Hate Speech
3
Cyber Threats CLASIFICATIONS
Copyright © 2013 CyberSecurity Malaysia 4
2005
National Cyber Security Policy formulated by MOSTI
NCSP Adoption and Implementation 20
06
CyberSecurity Malaysia launched by
Prime Minister of Malaysia on 20 Aug 2007
2007
The policy recognises the critical and highly interdependent nature of the CNII and aims to develop and establish a comprehensive programme and a series of frameworks that will ensure
the effectiveness of cyber security controls over vital assets
NCSP Objectives
Address The Risks To The Critical National
Information Infrastructure
Ensure That Critical Infrastructure Are
Protected To A Level That Is
Commensurate With The Risks
Develop And Establish A
Comprehensive Program And A
Series Of Frameworks
Cyber Security Governance NATIONAL CYBER SECURITY POLICY
4
Copyright © 2013 CyberSecurity Malaysia
VISION ‘Malaysia's Critical National Information Infrastructure shall be secure, resilient and
self-reliant. Infused with a culture of security, it will promote stability, social well being and wealth creation’
5
DEFENCE & SECURITY • Ministry of Defense, Military • Ministry of Home Affairs, Police
TRANSPORTATION • Ministry of Transport
BANKING & FINANCE • Ministry of Finance • Central Bank • Securities Commission
HEALTH SERVICES • Ministry of Health
EMERGENCY SERVICES Ministry of Housing & Local Municipality
CRITICAL NATIONAL INFORMATION INFRASTRUCTURE
Assets (real & virtual), systems and functions that are vital to the nation that their incapacity or destruction would have a devastating impact on • National Defense & Security
• National Economic Strength
• National Image • Government capability to function
• Public Health & Safety
ENERGY • Energy Commission
INFORMATION & COMMUNICATIONS • Ministry of Communications & Multimedia
GOVERNMENT • Malaysia Administrative, Modernisation and Management Planning Unit
FOOD & AGRICULTURE • Ministry of Agriculture
WATER • National Water Service Commission
National Cyber Security Policy CNII SECTORS
Copyright © 2013 CyberSecurity Malaysia
• Effective Governance National Security Council
• Legislation & Regulatory Framework Attorney General’s Office
• Cyber Security Technology Framework Ministry of Science,
Technology and Innovation
• Culture of Security and Capacity Building
Ministry of Science, Technology and
Innovation
• Research & Development Towards Self Reliance
Ministry of Science, Technology and
Innovation
• Compliance & Enforcement Ministry of Information,
Communications & Culture
• Cyber Security Emergency Readiness National Security Council
• International Collaboration Ministry of Information,
Communications & Culture
1 2345678
6
National Cyber Security Policy POLICY THRUST
Copyright © 2013 CyberSecurity Malaysia
• Effective Governance National Security Council
• Legislation & Regulatory Framework Attorney General’s Office
• Cyber Security Technology Framework Ministry of Science,
Technology and Innovation
• Culture of Security and Capacity Building
Ministry of Science, Technology and
Innovation
• Research & Development Towards Self Reliance
Ministry of Science, Technology and
Innovation
• Compliance & Enforcement Ministry of Information,
Communications & Culture
• Cyber Security Emergency Readiness National Security Council
• International Collaboration Ministry of Information,
Communications & Culture
1 2345678
7
National Cyber Security Policy POLICY THRUST
Copyright © 2013 CyberSecurity Malaysia
CyberSecurity Malaysia (www.cybersecurity.my) A NATIONAL CYBER SECURITY SPECIALIST AGENCY UNDER THE MINISTRY OF SCIENCE, TECHNOLOGY AND INNOVATION (www.mosti.gov.my).
Pt 1: Effective Governance CYBERSECURITY MALAYSIA
Ministerial Function Act1969, Amendment 2009
Provides specialised ICT security services and continuously identifies
possible areas that may be detrimental to national security
Cabinet Notes 2005 Ministry of Finance and Ministry of Science, Technology & Innovation
CyberSecurity Malaysia as a National Body to monitor aspects of the National e-
Security
VISION To be a globally recognised National
Cyber Security Reference and Specialist Centre by 2020
MISSION Creating and Sustaining a Safer Cyberspace to Promote National
Sustainability, Social Well-Being and Wealth Creation
8
Establishment of a national info security coordination
centre
Copyright © 2013 CyberSecurity Malaysia
STRATEGY ENGAGEMENT &
RESEARCH
INFO SECURITY PROFESSIONAL
DEVELOPMENT & OUTREACH
SECURITY QUALITY MANAGEMENT
SERVICES
CYBER SECURITY EMERGENCY
SERVICES
Digital Forensics
Security Management & Best
Practices Info Security Professional Development
Outreach
Strategy Engagement
Research
Information Security Certification Body
CyberSecurity Malaysia CORE FUNCTIONS / SERVICES
Security Assurance
Security Incident Handling
9
Copyright © 2013 CyberSecurity Malaysia
National Security Council Chair : Y.A.B. Prime Minister Secretariat: NSC
E-Sovereignty Working Group Chair : Under Secretary of NSC
National Cyber
Security Coordination Committee
Chair : NSC Secretariat : NSC
Government Communication
Strategy Enhancement
Committee
Chair : PMO Secreatriat : BHEUU
National Cyber Crisis Coordination Committee
Chair : PMO
Secretariat : NSC
Cyber Law Committee
Chair : AGC Secretariat : AGC
National Acculturation
& Capacity Building
Committee
Chair : MOSTI Secretariat :
MOSTI
MICC compliance & Enforcement Committee
Chair : MICC Secretariat :
MICC
E-Sovereignty Committee Chair : Y.A.B. Deputy Prime Minister Secretariat: NSC
National IT Council (NITC) Chair : Y.A.B. Prime Minister Secretariat: MOSTI
POLICY CONTENT CRISIS MANAGEMENT LEGISLATION ACCULTURATION &
CAPACITY BUILDING COMPLIANCE & ENFORCEMENT
Pt 1: Effective Governance ORGANIZATION STRUCTURE
10
Copyright © 2013 CyberSecurity Malaysia 11
• MAMPU • National Security Council • Attorney General’s Chambers • Chief Government Security Office • Ministry of Science, Technology & Innovation • Ministry of Defense • Ministry of Foreign Affairs • Ministry of Energy, Green Technology & Water • Ministry of Information, Communication & Culture • Ministry of Transportation • Ministry of Home Affairs • Royal Malaysian Police • Southeast Asia Regional Center for Counter-Terrorism • Bank Negara Malaysia • National Water Services Commission • Malaysian Communication & Multimedia Commission • Energy Commission • Securities Commission Malaysia • Khazanah Nasional Berhad • CyberSecurity Malaysia • MIMOS Berhad • Standards Malaysia
Pt 1: Effective Governance NATIONAL COORDINATION COMMITTEE
Copyright © 2013 CyberSecurity Malaysia
• Effective Governance National Security Council
• Legislation & Regulatory Framework Attorney General’s Office
• Cyber Security Technology Framework Ministry of Science,
Technology and Innovation
• Culture of Security and Capacity Building
Ministry of Science, Technology and
Innovation
• Research & Development Towards Self Reliance
Ministry of Science, Technology and
Innovation
• Compliance & Enforcement Ministry of Information,
Communications & Culture
• Cyber Security Emergency Readiness National Security Council
• International Collaboration Ministry of Information,
Communications & Culture
1 2345678
12
National Cyber Security Policy POLICY THRUST
Copyright © 2013 CyberSecurity Malaysia 13
Cyber Specific Laws Specific legislation governing
online matters
• Communications and Multimedia Act 1998 • Optical Disk Act 2000 • Computer Crimes Act 1997 • Digital Signature Act 1997 • Telemedicine Act 1997 • Electronic Commerce Act 2006 • Electronic Government’s Activities Act 2007 • Personal Data Protection Act 2010
Non Cyber Specific Laws Legislation that may be used to
regulate online matters whenever applicable
• Copyright Act 1987 • Sedition Act 1948 • Penal Code • Defamation Act 1957
Pt 2: Legislative & Regulatory Framework CYBER LAWS OF MALAYSIA
Reduction of & increased in success in, the prosecution in
cyber crime.
Copyright © 2013 CyberSecurity Malaysia 14
A study on the laws of Malaysia to accommodate legal challenges in the Cyber Environment
14
Pt 2: Legislative & Regulatory Framework CYBER LAW REVIEW STUDY
Copyright © 2013 CyberSecurity Malaysia 15
Pt 2: Legislative & Regulatory Framework CYBER LAW REVIEW STUDY
Copyright © 2013 CyberSecurity Malaysia 16
Pt 2: Legislative & Regulatory Framework AMENDMENTS – EVIDENCE ACT
Copyright © 2013 CyberSecurity Malaysia 17
DIGITAL FORENSICS LAB ANALYZE & INVESTIGATE
DIGITAL EVIDENCE
DATA RECOVERY LAB RECOVER CORRUPTED &
DELETED DATA
EXPERT DEVELOPMENT LAB
PLATFORM FOR RESEARCH & JOB ATTACHMENT
EVIDENCE PRESERVATION FACILITY
A SECURE ENVIRONMENT FOR DIGITAL EVIDENCE
CyberCSI™
Pt 2: Legislative & Regulatory Framework DIGITAL FORENSICS
Copyright © 2013 CyberSecurity Malaysia 18
Notification of Declaration under Subsection 399(2) - Digital Forensics Analyst
Pt 2: Legislative & Regulatory Framework EXPERT WITNESS
Copyright © 2013 CyberSecurity Malaysia
MODULES LEVEL
1 Information Security Essentials Fundamental
2 ISMS Essentials Fundamental
3 Digital Forensics Essentials Fundamental
4 Forensics on Internet Application Fundamental
5 Digital Forensics for First Responder
Intermediate
DIGITAL FORENSICS MODULES
Duration: 11 days
19
Pt 2: Legislative & Regulatory Framework DIGITAL FORENSICS TRAINING
Copyright © 2013 CyberSecurity Malaysia
• Effective Governance National Security Council
• Legislation & Regulatory Framework Attorney General’s Office
• Cyber Security Technology Framework Ministry of Science,
Technology and Innovation
• Culture of Security and Capacity Building
Ministry of Science, Technology and
Innovation
• Research & Development Towards Self Reliance
Ministry of Science, Technology and
Innovation
• Compliance & Enforcement Ministry of Information,
Communications & Culture
• Cyber Security Emergency Readiness National Security Council
• International Collaboration Ministry of Information,
Communications & Culture
1 2345678
20
National Cyber Security Policy POLICY THRUST
Copyright © 2013 CyberSecurity Malaysia
§ Guidelines: Computer Security Handbook, ICT Outsourcing Information Security
§ Best practices: Social Networking, Protecting Your Mobile Device
§ 3rd Party Information Security Assessment Guideline § Wireless Local Area Network (LAN) Security Guideline
§ Joint development of the National Cyber Crisis Management Plan (NCCMP) with National Security Council.
§ Business Continuity Management (BCM) implementation for organization.
§ Development of Information Security Standards at the national level.
§ Information Security Management System (ISMS) certification programme for Critical National Information Infrastructure (CNII) agencies.
§ Develop Information Security Guidelines and Best Practices.
21
Pt 3: Cyber Security Technology Framework SECURITY MANAGEMENT BEST PRACTICES
Expansion of national certification scheme for infosec mgmt &
assurance
Copyright © 2013 CyberSecurity Malaysia
Phase 2 – Building the Infrastructure SECURITY STANDARDS
MODULES LEVEL
1 Information Security Essentials Fundamental
2 ISMS Essentials Fundamental
3 ISMS Implementation Intermediate
4 ISMS Internal Auditor Advance
ISO 27001 Information Security Management System
Duration: 9 days
ISO/IEC 27001 Information Security Management – Confidential Information Remain Confidential
22
Copyright © 2013 CyberSecurity Malaysia
SECURITY ASSURANCE OFFERS 2 TYPES OF SERVICE FOR THE ENHANCEMENT OF NATIONAL INFORMATION SECURITY ASSURANCE :
MyVAC (National Vulnerability Assessment Center)
MySEF (Malaysian ICT Security
Evaluation Facilities)
• Vulnerability Assessment And Penetration Testing Services for CNII sectors
• Common Criteria (CC) evaluation service
• Security Assessment for control system (SCADA/DCS)
• ICT Product Security Assessment (IPSA) service
• Common Criteria (CC) Protection Profile (PP) evaluation service
23
Pt 3: Cyber Security Technology Framework ASSESSMENT & ASSUARANCE
Copyright © 2013 CyberSecurity Malaysia
CERTIFICATE AUTHORISING PARTICIPANTS
CERTIFICATE CONSUMING PARTICIPANTS
• Participants that represent a compliant Certification Body
• Mutually recognizes certified products/systems produced by the Certificate Authorising Participants based on ISO/IEC 15408
Participants that have a national interest in recognising CC certificates produced by the Certificate Authorising Participants based on ISO/IEC 15408
CCRA is an international recognition arrangement for Common Criteria Standard (ISO/IEC 15408)
CyberSecurity Malaysia is the National Certification Body - Malaysian Common Criteria Certification Body (MyCB) ITALY JAPAN NETHERLANDS
SWEDEN TURKEY
NEW ZEALAND
AUSTRALIA
UNITED KINGDOM
CANADA FRANCE
UNITED STATES
GERMANY
SPAIN REP. OF KOREA NORWAY
AUSTRIA GREECE FINLAND DENMARK CZECH REP
HUNGARY SINGAPORE PAKISTAN ISRAEL INDIA
24
Pt 3: Cyber Security Technology Framework COMMON CRITERIA RECOGNITION ARRANGEMENT
Copyright © 2013 CyberSecurity Malaysia
1. International collaboration in the area of CERT in the Asia Pacific region and OIC countries.
2. Coordinate the implementation of the NCSP. 3. Secretariat for the Operational Task Force under National
Security Council. 4. Secretariat for the NC3 chaired by National Security Council
1. Cyber media research 2. Cyber War Research 3. Development of National Cryptography Policy 4. Cyber Laws Study 5. Co-Chair for CSCAP Study Group on Cyber Security that includes the
Issues of Transnational Cyber Crime 6. Co-Leading Nation for ASEAN Regional Forum in Counter
Radicalization Work Plan for Counter-Terrorism & Transnational Crime in collaboration with Ministry of Foreign Affairs
25
Pt 3: Cyber Security Technology Framework STRATEGIC RESEARCH & ENGAGEMENT
Copyright © 2013 CyberSecurity Malaysia
CYBER CONFLICTS
Tactics • Cyber espionage • Web vandalism • Propaganda • Gathering data
• Distributed Denial-of-Service Attacks • Equipment disruption • Attacking critical infrastructure • Compromised Counterfeit Hardware
(source: http://en.wikipedia.org/wiki/Cyberwarfare)
26
Emerging Threats
Pt 3: Cyber Security Technology Framework STRATEGIC RESEARCH & ENGAGEMENT
Copyright © 2013 CyberSecurity Malaysia
• Effective Governance National Security Council
• Legislation & Regulatory Framework Attorney General’s Office
• Cyber Security Technology Framework Ministry of Science,
Technology and Innovation
• Culture of Security and Capacity Building
Ministry of Science, Technology and
Innovation
• Research & Development Towards Self Reliance
Ministry of Science, Technology and
Innovation
• Compliance & Enforcement Ministry of Information,
Communications & Culture
• Cyber Security Emergency Readiness National Security Council
• International Collaboration Ministry of Information,
Communications & Culture
1 2345678
27
National Cyber Security Policy POLICY THRUST
Copyright © 2013 CyberSecurity Malaysia 28
Pt 4: Culture Of Cyber Security & Capacity Bldg IT’S ABOUT PEOPLE
Copyright © 2013 CyberSecurity Malaysia 29
An area where today’s youth are at greatest risk is social networking http://www.jdpower.com/autos/car-photos/ Identity-Theft/Identity-Theft/2009
Pt 4: Culture Of Cyber Security & Capacity Bldg PEOPLE – WEAKEST LINK
Copyright © 2013 CyberSecurity Malaysia 30
‘National Strategy for
Cyber Security Acculturation and Capacity
Building Program’
Pt 4: Culture Of Cyber Security & Capacity Bldg CYBER SECURITY ACCULTURATION & CAPACITY BLDG
Reduced no. of InfoSec incidents through improved awareness & skill
level
Copyright © 2013 CyberSecurity Malaysia
§ Man behind the machine is the critical factor
Current Ratio of
Professionals : Internet User 1 : 8,924
Target 1:1,500 (Conduct Study to determine number of Info Pro)
" Help nurture the information security workforce with the required knowledge and skills by providing information security competency and capability courses and certifications.
" Through strategic collaborations with reputable organizations in Malaysia and international accreditation institutions this program is accomplished.
" Malaysia requires sufficient skilled people to deal with sophisticated cyber threats & uncertainty of cyber space.
31
Pt 4: Culture Of Cyber Security & Capacity Bldg CAPACITY BLDG – INFOSEC PRO DEVELOPMENT
Copyright © 2013 CyberSecurity Malaysia
PROFESSIONAL COURSES • Business Continuity Management Professional Certification (BCLE2000)
• Certified Information System Security Professional (CISSP) CBK Review Seminar
• Certified Secure System Lifecycle Professional (CSSLP)
• ISO 27001 Lead Auditor • Professional in Critical Information Infrastructure Protection (PCIP)
• System Security Certified Practitioner (SSCP) CBK Review Seminar
SPECIALIZED COURSES • Digital Forensics for Law Practitioner • Forensics on Internet Applications • ISO 27001 Internal Auditor
INTERMEDIATE COURSES • Cryptography for Information Security Professional • Digital Forensic for First Responder • Incident Response & Handling for Computer Security & Incident Response Team (CSIRTS)
• Incident Handling and Network Security Training (IHNS)
• ISO 27001 Implementation • MyCC 2.0 - Foundation Evaluator Training
FUNDAMENTAL COURSES • Business Continuity Management For Beginners • Cryptography for Beginners • CSM Security Essential Training • Data Encryption for Beginners • Digital Forensics Essential • Google-Fu Power Search Technique
32
Pt 4: Culture Of Cyber Security & Capacity Bldg TRAINING COURSES
Copyright © 2013 CyberSecurity Malaysia 33
CyberSecurity Malaysia’s
CyberSAFE Cyber Security Awareness For Everyone
PROGRAM
• It is everyone’s responsibility • To explore smart partnership CyberSecurity Malaysia and YOU
Pt 4: Culture Of Cyber Security & Capacity Bldg AWARENESS
Copyright © 2013 CyberSecurity Malaysia
• Effective Governance National Security Council
• Legislation & Regulatory Framework Attorney General’s Office
• Cyber Security Technology Framework Ministry of Science,
Technology and Innovation
• Culture of Security and Capacity Building
Ministry of Science, Technology and
Innovation
• Research & Development Towards Self Reliance
Ministry of Science, Technology and
Innovation
• Compliance & Enforcement Ministry of Information,
Communications & Culture
• Cyber Security Emergency Readiness National Security Council
• International Collaboration Ministry of Information,
Communications & Culture
1 2345678
34
National Cyber Security Policy POLICY THRUST
Copyright © 2013 CyberSecurity Malaysia
Development of the National R&D Roadmap for Self Reliance in Cyber Security Technologies is facilitated by MIMOS Berhad, a Government R&D institution
35
To Identify Technologies That Are Relevant and Desirable by the CNII
To Promote Collaboration with International Centres
of Excellence
To Provide Domain Competency Development
To Nurture the Growth of Local Cyber Security
Industry
To Update the National R&D Roadmap
Pt 5: Research & Development Towards Self Reliance R & D ROADMAP
Acceptance & utilization of local developed info security
products
Copyright © 2013 CyberSecurity Malaysia
• Effective Governance National Security Council
• Legislation & Regulatory Framework Attorney General’s Office
• Cyber Security Technology Framework Ministry of Science,
Technology and Innovation
• Culture of Security and Capacity Building
Ministry of Science, Technology and
Innovation
• Research & Development Towards Self Reliance
Ministry of Science, Technology and
Innovation
• Compliance & Enforcement Ministry of Information,
Communications & Culture
• Cyber Security Emergency Readiness National Security Council
• International Collaboration Ministry of Information,
Communications & Culture
1 2345678
36
National Cyber Security Policy POLICY THRUST
Copyright © 2013 CyberSecurity Malaysia 37
• To study the need to introduce a Cyber Security Safety Standards Act to ensure mandatory compliance by CNII to ISMS Standards (ISO27001) and other selected standards.
• Audit and certification of ISMS compliance of CNIIs within 3 years from the date of Cabinet mandate 24 Feb 2010
Ensure Mandatory Compliance to Informa;on
Security Standards by CNII
• Government Agencies dialogue session to implement ISMS compliance for CNIIs
• ISMS (ISO/IEC-27001) training and workshops for CNIIs and regulatory bodies
• CNII Information Security Standards Adoption Program
Capability and Awareness
Programmes for CNIIs
• Local Developers to obtain products certification under ISO 15408 (Common Criteria EAL2)
• Develop Cyber Security Industry Directory to list Malaysian IT security companies, products and IT security professionals
• Cyber Security Trade Event to promote locally developed products under Common Criteria (Nov2012)
Facilitate Industry Development
In progress
Case for change: n Cabinet mandate for CNII organizaTons to obtain ISMS cerTficaTon within 3 years 24 Feb 2010
n CriTcal NaTonal InformaTon Infrastructure (CNII) exposed to cyber threats
n Lack of compliance to informaTon security standards (eg ISMS 27001) amongst CNII
n Weak ecosystem of local industry to support the requirements of CNII e.g. Products cerTfied under Common Criteria
RecommendaTon: n Ensure mandatory compliance of ISMS Standards for CNII
n Capability and Awareness for CNIIs n Facilitate Industry Development * CollaboraTon with PEMANDU (Performance Management and Delivery Unit) SRI (Strategic Reform IniTaTve)
In progress
In progress
Pt 6: Compliance & Enforcement STANDARDS & GUIDELINES
Strengthen or include infosec enforcement role in all CNII
regulatorsI
Copyright © 2013 CyberSecurity Malaysia
• Effective Governance National Security Council
• Legislation & Regulatory Framework Attorney General’s Office
• Cyber Security Technology Framework Ministry of Science,
Technology and Innovation
• Culture of Security and Capacity Building
Ministry of Science, Technology and
Innovation
• Research & Development Towards Self Reliance
Ministry of Science, Technology and
Innovation
• Compliance & Enforcement Ministry of Information,
Communications & Culture
• Cyber Security Emergency Readiness National Security Council
• International Collaboration Ministry of Information,
Communications & Culture
1 2345678
38
National Cyber Security Policy POLICY THRUST
Copyright © 2013 CyberSecurity Malaysia
Number of cyber security incidents referred to CyberSecurity Malaysia 31 Aug 2012 (excluding spams)
INCIDENTS
§ Intrusion § Intrusion Attempt § Spam § DOS § Cyber Harassment § Fraud § Content Related § Malicious Code § Vulnerabilities Report
39
As of 30th April 2013
CNII resilience against cyber crime, terrorism, info warfare
Pt 7: Cybersecurity Emergency Readiness CYBER INCIDENTS 1997 - 2012
Copyright © 2013 CyberSecurity Malaysia
0
100
200
300
400
500
600
2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012
30 58 49 48
91 105 137
190 172 131
59 13 5 20 45
41
116
160
212
428 442
349
Forensic Analysis
Data recovery
• 75% cases - from law enforcement agencies (PDRM, BNM, AG, SKMM etc). • Types of cases – Financial Fraud, Sexual Assault, National threats, etc.
[ As of 31st August 2012 ]
43 63
93 69
132
221
297
600
402
573
408
40
Pt 7: Cybersecurity Emergency Readiness DIGITAL FORENSICS CASES (2002 – 2012)
Copyright © 2013 CyberSecurity Malaysia 41
Cyber999™ Cyber Early Warning Services 1. Incident Handling
2. Cyber Early Warning
3. Technical Coordination Centre
4. Malware Research Center
§ Email o [email protected] o [email protected]
§ Phone o +603 8992 6969 o 1 300 88 2999
§ Fax o +603 8945 3442
§ SMS o 15888 “Cyber999 Report”
§ Mobile (24x7) o +6019 266 5850
§ Online – http://www.mycert.org.my
§ Office Hours – MYT 0830 - 1730
Pt 7: Cybersecurity Emergency Readiness COMPUTER EMERGENCY RESPONSE TEAM
Copyright © 2013 CyberSecurity Malaysia 42
Emerging Threats
LebahNet Project
Malware Research
Threats VisualizaTon
Advisory & Alerts
EXPLOIT
ADVISORIES & ALERTS § Software vulnerabilities (advisories) § 0 day vulnerabilities § Patch & upgrades
OUTBREAKS ALERTS § H1N1 flu § Trojan-Michael Jackson Death § Conficker § IE/Acrobat/Office/Flash 0 day
MA-321.072012 : MyCERT Alert - Microsoft Security Bulletin Summary For July 2012 21/06/2012 MA-320.062012 : MyCERT Alert - Critical Vulnerability in Microsoft XML Core Services 19/06/2012 MA-319.062012 : MyCERT Alert - Increase in Web Defacement Incidents 13/06/2012 MA-318.062012 : MyCERT Alert - Microsoft Security Bulletin Summary For June 2012 13/06/2012 MA-317.062012 : MyCERT Alert - Oracle Java SE Critical Patch Update Advisory - June 2012 11/06/2012 MA-316.062012 : MyCERT Alert - Critical Vulnerability in MySQL and MariaDB 11/06/2012 MA-315.062012 : MyCERT Alert - Critical Vulnerability in Adobe Flash Player 07/06/2012
Pt 7: Cybersecurity Emergency Readiness MALWARE RESEARCH CENTER
Copyright © 2013 CyberSecurity Malaysia
Incident Handling
Technical Coordination
Centre
MODULES LEVEL
1 Information Security Essentials Fundamental
2 ISMS Essentials Fundamental
3 Incident Handling & Network Security (IHNS)
Intermediate
4 Ethical Hacking and Penetration Testing
Intermediate
5 Security Audit and Assessment Intermediate
INCIDENT HANDLING MODULES
Duration: 13 days
43
Pt 7: Cybersecurity Emergency Readiness COMPUTER EMERGENCY RESPONSE TEAM
Copyright © 2013 CyberSecurity Malaysia
• Effective Governance National Security Council
• Legislation & Regulatory Framework Attorney General’s Office
• Cyber Security Technology Framework Ministry of Science,
Technology and Innovation
• Culture of Security and Capacity Building
Ministry of Science, Technology and
Innovation
• Research & Development Towards Self Reliance
Ministry of Science, Technology and
Innovation
• Compliance & Enforcement Ministry of Information,
Communications & Culture
• Cyber Security Emergency Readiness National Security Council
• International Collaboration Ministry of
Communications & Multimedia
1 2345678
44
National Cyber Security Policy POLICY THRUST
Copyright © 2013 CyberSecurity Malaysia 45
APCERT
OIC-CERT
ENGAGE Participate in relevant cyber security meetings and events to promote Malaysia’s positions and interests in the said meetings and events
PRIORITIZE Evaluate Malaysia’s interests at international cyber security platforms and act on elements where Malaysia can get tangible benefits and voice third world interests
LEADERSHIP Explore opportunities at international cyber security platforms where Malaysia can vie for positions to play a leadership role to project Malaysia’s image and promote Malaysia’s interests
Pt 8: International Collaboration MISSIONS
International branding on CNII protection with improved awareness & skill level
Copyright © 2013 CyberSecurity Malaysia
q The National Cyber Security Policy is a holistic approach for cyber defence of the CNIIs and the nation.
q Encouraging Public Private Cooperation as essential element in mitigating cyber threats
q Commitment from stakeholders is critical in ensuring the success of the policy’s implementation.
46
NATIONAL CYBER SECURITY POLICY In Conclusion
Copyright © 2013 CyberSecurity Malaysia 47
Top Related