Cyber-Physical Security: A National-level Consolidation
The Malaysia Cyber Security Strategy (MCSS) launch last week stirred a lot of interest. I think long-time industry observers were anticipating with bated breath what would be announced. When it finally happened, there was almost a palpable sigh of disappointment while they murmured collectively, “Same-old, same old lah.”
And then something extraordinary happened. Less than 2 days after the launch, the document for the MCSS appeared on NACSA’s website, and soon the 91-page document was circulating among online IT communities.
Even the “much-shrouded in secrecy and mysterious Arahan 24”, appeared on NACSA’s website. Will the MCSS finally shed some light on how Arahan 24 (Directive 24) will be organised and executed?
Page 6 of the MCSS document described this directive as “NSC’s Directive No.24: Policy and Mechanism of the National Cyber Crisis Management, an executive directive that outlines the nation’s strategy for cyber crisis mitigation and response through public and private collaboration and coordination.”
This directive closely guides proactive and coordinated management of cyber attacks and cyber incidents, at a national level.
And the NACSA website continued to provide other clues.
It has been a long-time industry gripe that cybersecurity initiatives in the country were DE-FOCUSED because there was blurring of lines and roles between MDEC, CSM, and NACSA.
And there it was on NACSA’s website, Initiatives by MDEC like Matrix Cybersecurity, and the Cyber Parenting Guidebook by CSM.
With the MCSS launch, is there now further cementing NACSA’s role as the lead agency that integrates existing cybersecurity capabilities?
MCSS’ launch event happened at a strategic time.
Chief Research Officer of the Center for Advanced Computing & Telecommunications (CACT), Dr. Suresh Ramasamy observed it came right after our island neighbour down south had released an ambitious certification scheme along with a cybersecurity Master Plan.
With the strategy’s launch, Malaysia can now match Singapore’s master plan with a Strategy Document as well as an Awareness Master Plan.
For me personally, it was interesting that cybersecurity vendors, FireEye, Crowdfense, and BAE were allowed to promote their wares up front and centre on stage.
This is very contrary to businesses’ usual practice of keeping their vendors and service providers under wraps and shrouded in secrecy, so as not to give away competitive advantage.
Cyber and Physical worlds merge
It eventually occurred to me that these vendors are the very same that would be sponsoring an event next year called The Integrated Cyber Defence, Cyber Security & Future Technology For The Global National Security Landscape Exhibition and Conference, or CYDES.
The inaugural edition of this event was March of 2020 and it is meant to complement LIMA, the Langkawi International Maritime and Aerospace event, which began in 1991 with over 100 exhibitors.
We can deduce that the National Security Council is taking steps to address national security in a more holistic way – approaching defence in the physical world and cyber world.
Hence the reason why the Minister of Defence, whom we currently see a lot of in the news coordinating pandemic responses and announcements with the Health Ministry, is also the chairman of the newly formed governing body established under the Malaysian Cyber Security Strategy.
During LIMA 2017, the value of contracts and agreements signed this time rose to about RM3.7billion, an increase of 81-percent from the previous LIMA, while 12 memorandums of understanding, 11 contracts, seven letters of agreement and five letters of intent signed were signed.
So, with what LIMA is successfully creating for physical defence, can there not be a cyber defense version (called CYDES) to replicate LIMA’s success?
IT BYTES BACK! says: The pandemic and all that time in lockdown accelerated more than just tech adoption, digital transformation and work productivity. We now have a way forward with a national Cybersecurity Strategy!