Malaysia's National Cyber Security Policy
 


This presentation was presented by Mohd Shamir B Hasyim, Vice President Government and Multilateral Engagement, CyberSecurity Malaysia, on 10th September 2013 at #IISF2013.

An Integrated Approach For Cyber Security And Critical Information Infrastructure Protection

    Malaysia's National Cyber Security Policy: Presentation Transcript

    • MALAYSIA’S NATIONAL CYBER SECURITY POLICY: An Integrated Approach For Cyber Security And Critical Information Infrastructure Protection. 10 September 2013, Bandung, Indonesia. MOHD SHAMIR B HASHIM, Vice President, Government and Multilateral Engagement. Copyright © 2013 CyberSecurity Malaysia.
    • Cyber Threats - CRITICAL INFORMATION INFRASTRUCTURES
        • Critical infrastructures are increasingly dependent on information and communication.
        • The potential natural disasters or terrorist attacks, which threaten the critical infrastructure and critical information infrastructure as well, are dramatically increasing today.
        • Risks to the CIIs include man-made attacks, natural disasters and technical failures.
        • The high dependence on CNIIs, their cross-border interconnectedness and interdependencies with other infrastructures, as well as the vulnerabilities and threats they face raise the need to address their security and resilience in a systematic perspective as the frontline of defense against failures and attacks.
        • [Diagram labels: POWER GENERATION SERVICES DISTRIBUTION]
        • Interdependencies: The high degree of interdependency between the critical infrastructure sectors means failures in one sector can propagate into others.
    • Cyber Threats - CLASSIFICATIONS
        • Categories: Cyber Content Related Threats; Technology Related Threats
        • Threats shown: Hack Threat; Fraud; Denial of Service Attack; Intrusion; Malicious Code; Harassment; Threats to National Security; Sedition / Defamation; Online Porn; Hate Speech
    • Cyber Security Governance - NATIONAL CYBER SECURITY POLICY
        • 2005: National Cyber Security Policy formulated by MOSTI
        • 2006: NCSP Adoption and Implementation
        • 2007: CyberSecurity Malaysia launched by Prime Minister of Malaysia on 20 Aug 2007
        • The policy recognises the critical and highly interdependent nature of the CNII and aims to develop and establish a comprehensive programme and a series of frameworks that will ensure the effectiveness of cyber security controls over vital assets.
        • NCSP Objectives:
            • Address The Risks To The Critical National Information Infrastructure
            • Ensure That Critical Infrastructure Are Protected To A Level That Is Commensurate With The Risks
            • Develop And Establish A Comprehensive Program And A Series Of Frameworks
    • National Cyber Security Policy - CNII SECTORS
        • VISION: Malaysia's Critical National Information Infrastructure shall be secure, resilient and self-reliant. Infused with a culture of security, it will promote stability, social well being and wealth creation.
        • CRITICAL NATIONAL INFORMATION INFRASTRUCTURE: Assets (real & virtual), systems and functions that are vital to the nation that their incapacity or destruction would have a devastating impact on: National Defense & Security; National Economic Strength; National Image; Government capability to function; Public Health & Safety
        • DEFENCE & SECURITY: Ministry of Defense, Military; Ministry of Home Affairs, Police
        • TRANSPORTATION: Ministry of Transport
        • BANKING & FINANCE: Ministry of Finance; Central Bank; Securities Commission
        • HEALTH SERVICES: Ministry of Health
        • EMERGENCY SERVICES: Ministry of Housing & Local Municipality
        • ENERGY: Energy Commission
        • INFORMATION & COMMUNICATIONS: Ministry of Communications & Multimedia
        • GOVERNMENT: Malaysia Administrative, Modernisation and Management Planning Unit
        • FOOD & AGRICULTURE: Ministry of Agriculture
        • WATER: National Water Service Commission
    • National Cyber Security Policy - POLICY THRUST
        1. Effective Governance: National Security Council
        2. Legislation & Regulatory Framework: Attorney General’s Office
        3. Cyber Security Technology Framework: Ministry of Science, Technology and Innovation
        4. Culture of Security and Capacity Building: Ministry of Science, Technology and Innovation
        5. Research & Development Towards Self Reliance: Ministry of Science, Technology and Innovation
        6. Compliance & Enforcement: Ministry of Information, Communications & Culture
        7. Cyber Security Emergency Readiness: National Security Council
        8. International Collaboration: Ministry of Information, Communications & Culture
    • Pt 1: Effective Governance - CYBERSECURITY MALAYSIA
        • CyberSecurity Malaysia (www.cybersecurity.my): A NATIONAL CYBER SECURITY SPECIALIST AGENCY UNDER THE MINISTRY OF SCIENCE, TECHNOLOGY AND INNOVATION (www.mosti.gov.my).
        • Ministerial Function Act 1969, Amendment 2009: Provides specialised ICT security services and continuously identifies possible areas that may be detrimental to national security
        • Cabinet Notes 2005, Ministry of Finance and Ministry of Science, Technology & Innovation: CyberSecurity Malaysia as a National Body to monitor aspects of the National e-Security
        • VISION: To be a globally recognised National Cyber Security Reference and Specialist Centre by 2020
        • MISSION: Creating and Sustaining a Safer Cyberspace to Promote National Sustainability, Social Well-Being and Wealth Creation
        • Establishment of a national info security coordination centre
    • CyberSecurity Malaysia - CORE FUNCTIONS / SERVICES
        • Service groups: STRATEGY ENGAGEMENT & RESEARCH; INFO SECURITY PROFESSIONAL DEVELOPMENT & OUTREACH; SECURITY QUALITY MANAGEMENT SERVICES; CYBER SECURITY EMERGENCY SERVICES
        • Functions shown: Digital Forensics; Security Management & Best Practices; Info Security Professional Development; Outreach; Strategy Engagement; Research; Information Security Certification Body; Security Assurance; Security Incident Handling
    • Pt 1: Effective Governance - ORGANIZATION STRUCTURE
        • National Security Council. Chair: Y.A.B. Prime Minister. Secretariat: NSC
        • E-Sovereignty Working Group. Chair: Under Secretary of NSC
        • National Cyber Security Coordination Committee. Chair: NSC. Secretariat: NSC
        • Government Communication Strategy Enhancement Committee. Chair: PMO. Secretariat: BHEUU
        • National Cyber Crisis Coordination Committee. Chair: PMO. Secretariat: NSC
        • Cyber Law Committee. Chair: AGC. Secretariat: AGC
        • National Acculturation & Capacity Building Committee. Chair: MOSTI. Secretariat: MOSTI
        • MICC Compliance & Enforcement Committee. Chair: MICC. Secretariat: MICC
        • E-Sovereignty Committee. Chair: Y.A.B. Deputy Prime Minister. Secretariat: NSC
        • National IT Council (NITC). Chair: Y.A.B. Prime Minister. Secretariat: MOSTI
        • Areas shown: POLICY; CONTENT; CRISIS MANAGEMENT; LEGISLATION; ACCULTURATION & CAPACITY BUILDING; COMPLIANCE & ENFORCEMENT
    • Pt 1: Effective Governance - NATIONAL COORDINATION COMMITTEE
        • MAMPU
        • National Security Council
        • Attorney General’s Chambers
        • Chief Government Security Office
        • Ministry of Science, Technology & Innovation
        • Ministry of Defense
        • Ministry of Foreign Affairs
        • Ministry of Energy, Green Technology & Water
        • Ministry of Information, Communication & Culture
        • Ministry of Transportation
        • Ministry of Home Affairs
        • Royal Malaysian Police
        • Southeast Asia Regional Center for Counter-Terrorism
        • Bank Negara Malaysia
        • National Water Services Commission
        • Malaysian Communication & Multimedia Commission
        • Energy Commission
        • Securities Commission Malaysia
        • Khazanah Nasional Berhad
        • CyberSecurity Malaysia
        • MIMOS Berhad
        • Standards Malaysia
    • Pt 2: Legislative & Regulatory Framework - CYBER LAWS OF MALAYSIA
        • Cyber Specific Laws (specific legislation governing online matters): Communications and Multimedia Act 1998; Optical Disk Act 2000; Computer Crimes Act 1997; Digital Signature Act 1997; Telemedicine Act 1997; Electronic Commerce Act 2006; Electronic Government’s Activities Act 2007; Personal Data Protection Act 2010
        • Non Cyber Specific Laws (legislation that may be used to regulate online matters whenever applicable): Copyright Act 1987; Sedition Act 1948; Penal Code; Defamation Act 1957
        • Reduction of, and increased success in the prosecution of, cyber crime.
    • Pt 2: Legislative & Regulatory Framework - CYBER LAW REVIEW STUDY: A study on the laws of Malaysia to accommodate legal challenges in the Cyber Environment
    • Pt 2: Legislative & Regulatory Framework - CYBER LAW REVIEW STUDY
    • Pt 2: Legislative & Regulatory Framework - AMENDMENTS – EVIDENCE ACT
    • Pt 2: Legislative & Regulatory Framework - DIGITAL FORENSICS (CyberCSI™)
        • DIGITAL FORENSICS LAB: ANALYZE & INVESTIGATE DIGITAL EVIDENCE
        • DATA RECOVERY LAB: RECOVER CORRUPTED & DELETED DATA
        • EXPERT DEVELOPMENT LAB: PLATFORM FOR RESEARCH & JOB ATTACHMENT
        • EVIDENCE PRESERVATION FACILITY: A SECURE ENVIRONMENT FOR DIGITAL EVIDENCE
    • Pt 2: Legislative & Regulatory Framework - EXPERT WITNESS: Notification of Declaration under Subsection 399(2) - Digital Forensics Analyst
    • Pt 2: Legislative & Regulatory Framework - DIGITAL FORENSICS TRAINING
        • DIGITAL FORENSICS MODULES (module: level). Duration: 11 days
        1. Information Security Essentials: Fundamental
        2. ISMS Essentials: Fundamental
        3. Digital Forensics Essentials: Fundamental
        4. Forensics on Internet Application: Fundamental
        5. Digital Forensics for First Responder: Intermediate
    • Pt 3: Cyber Security Technology Framework - SECURITY MANAGEMENT BEST PRACTICES
        • Guidelines: Computer Security Handbook, ICT Outsourcing Information Security
        • Best practices: Social Networking, Protecting Your Mobile Device
        • 3rd Party Information Security Assessment Guideline
        • Wireless Local Area Network (LAN) Security Guideline
        • Joint development of the National Cyber Crisis Management Plan (NCCMP) with National Security Council.
        • Business Continuity Management (BCM) implementation for organization.
        • Development of Information Security Standards at the national level.
        • Information Security Management System (ISMS) certification programme for Critical National Information Infrastructure (CNII) agencies.
        • Develop Information Security Guidelines and Best Practices.
        • Expansion of national certification scheme for infosec mgmt & assurance
    • Phase 2 – Building the Infrastructure - SECURITY STANDARDS
        • ISO 27001 Information Security Management System modules (module: level). Duration: 9 days
        1. Information Security Essentials: Fundamental
        2. ISMS Essentials: Fundamental
        3. ISMS Implementation: Intermediate
        4. ISMS Internal Auditor: Advanced
        • ISO/IEC 27001 Information Security Management – Confidential Information Remain Confidential
    • Pt 3: Cyber Security Technology Framework - ASSESSMENT & ASSURANCE
        • SECURITY ASSURANCE OFFERS 2 TYPES OF SERVICE FOR THE ENHANCEMENT OF NATIONAL INFORMATION SECURITY ASSURANCE: MyVAC (National Vulnerability Assessment Center) and MySEF (Malaysian ICT Security Evaluation Facilities)
        • Vulnerability Assessment And Penetration Testing Services for CNII sectors
        • Common Criteria (CC) evaluation service
        • Security Assessment for control system (SCADA/DCS)
        • ICT Product Security Assessment (IPSA) service
        • Common Criteria (CC) Protection Profile (PP) evaluation service
    • Pt 3: Cyber Security Technology Framework - COMMON CRITERIA RECOGNITION ARRANGEMENT
        • CCRA is an international recognition arrangement for Common Criteria Standard (ISO/IEC 15408)
        • CyberSecurity Malaysia is the National Certification Body - Malaysian Common Criteria Certification Body (MyCB)
        • CERTIFICATE AUTHORISING PARTICIPANTS: Participants that represent a compliant Certification Body; Mutually recognizes certified products/systems produced by the Certificate Authorising Participants based on ISO/IEC 15408
        • CERTIFICATE CONSUMING PARTICIPANTS: Participants that have a national interest in recognising CC certificates produced by the Certificate Authorising Participants based on ISO/IEC 15408
        • Countries shown: ITALY; JAPAN; NETHERLANDS; SWEDEN; TURKEY; NEW ZEALAND; AUSTRALIA; UNITED KINGDOM; CANADA; FRANCE; UNITED STATES; GERMANY; SPAIN; REP. OF KOREA; NORWAY; AUSTRIA; GREECE; FINLAND; DENMARK; CZECH REP; HUNGARY; SINGAPORE; PAKISTAN; ISRAEL; INDIA
    • Pt 3: Cyber Security Technology Framework - STRATEGIC RESEARCH & ENGAGEMENT
        • First list:
            1. International collaboration in the area of CERT in the Asia Pacific region and OIC countries.
            2. Coordinate the implementation of the NCSP.
            3. Secretariat for the Operational Task Force under National Security Council.
            4. Secretariat for the NC3 chaired by National Security Council
        • Second list:
            1. Cyber media research
            2. Cyber War Research
            3. Development of National Cryptography Policy
            4. Cyber Laws Study
            5. Co-Chair for CSCAP Study Group on Cyber Security that includes the Issues of Transnational Cyber Crime
            6. Co-Leading Nation for ASEAN Regional Forum in Counter Radicalization Work Plan for Counter-Terrorism & Transnational Crime in collaboration with Ministry of Foreign Affairs
    • Pt 3: Cyber Security Technology Framework - STRATEGIC RESEARCH & ENGAGEMENT
        • Emerging Threats: CYBER CONFLICTS
        • Tactics: Cyber espionage; Web vandalism; Propaganda; Gathering data; Distributed Denial-of-Service Attacks; Equipment disruption; Attacking critical infrastructure; Compromised Counterfeit Hardware (source: http://en.wikipedia.org/wiki/Cyberwarfare)
    • Pt 4: Culture Of Cyber Security & Capacity Bldg - IT’S ABOUT PEOPLE
    • Pt 4: Culture Of Cyber Security & Capacity Bldg - PEOPLE – WEAKEST LINK: An area where today’s youth are at greatest risk is social networking (http://www.jdpower.com/autos/car-photos/Identity-Theft/Identity-Theft/2009)
    • Pt 4: Culture Of Cyber Security & Capacity Bldg - CYBER SECURITY ACCULTURATION & CAPACITY BLDG
        • National Strategy for Cyber Security Acculturation and Capacity Building Program
        • Reduced no. of InfoSec incidents through improved awareness & skill level
    • Pt 4: Culture Of Cyber Security & Capacity Bldg - CAPACITY BLDG – INFOSEC PRO DEVELOPMENT
        • Man behind the machine is the critical factor
        • Current Ratio of Professionals : Internet User is 1 : 8,924. Target 1 : 1,500 (Conduct Study to determine number of Info Pro)
        • Help nurture the information security workforce with the required knowledge and skills by providing information security competency and capability courses and certifications.
        • Through strategic collaborations with reputable organizations in Malaysia and international accreditation institutions this program is accomplished.
        • Malaysia requires sufficient skilled people to deal with sophisticated cyber threats & uncertainty of cyber space.
    • Pt 4: Culture Of Cyber Security & Capacity Bldg - TRAINING COURSES
        • PROFESSIONAL COURSES: Business Continuity Management Professional Certification (BCLE2000); Certified Information System Security Professional (CISSP) CBK Review Seminar; Certified Secure System Lifecycle Professional (CSSLP); ISO 27001 Lead Auditor; Professional in Critical Information Infrastructure Protection (PCIP); System Security Certified Practitioner (SSCP) CBK Review Seminar
        • SPECIALIZED COURSES: Digital Forensics for Law Practitioner; Forensics on Internet Applications; ISO 27001 Internal Auditor
        • INTERMEDIATE COURSES: Cryptography for Information Security Professional; Digital Forensic for First Responder; Incident Response & Handling for Computer Security & Incident Response Team (CSIRTS); Incident Handling and Network Security Training (IHNS); ISO 27001 Implementation; MyCC 2.0 - Foundation Evaluator Training
        • FUNDAMENTAL COURSES: Business Continuity Management For Beginners; Cryptography for Beginners; CSM Security Essential Training; Data Encryption for Beginners; Digital Forensics Essential; Google-Fu Power Search Technique
    • Pt 4: Culture Of Cyber Security & Capacity Bldg - AWARENESS
        • CyberSecurity Malaysia’s CyberSAFE (Cyber Security Awareness For Everyone) PROGRAM
        • It is everyone’s responsibility
        • To explore smart partnership: CyberSecurity Malaysia and YOU
    • Pt 5: Research & Development Towards Self Reliance - R & D ROADMAP
        • Development of the National R&D Roadmap for Self Reliance in Cyber Security Technologies is facilitated by MIMOS Berhad, a Government R&D institution
        • To Identify Technologies That Are Relevant and Desirable by the CNII
        • To Promote Collaboration with International Centres of Excellence
        • To Provide Domain Competency Development
        • To Nurture the Growth of Local Cyber Security Industry
        • To Update the National R&D Roadmap
        • Acceptance & utilization of local developed info security products
    • Pt 6: Compliance & Enforcement - STANDARDS & GUIDELINES
        • Case for change:
            • Cabinet mandate for CNII organizations to obtain ISMS certification within 3 years 24 Feb 2010
            • Critical National Information Infrastructure (CNII) exposed to cyber threats
            • Lack of compliance to information security standards (eg ISMS 27001) amongst CNII
            • Weak ecosystem of local industry to support the requirements of CNII e.g. Products certified under Common Criteria
        • Recommendation:
            • Ensure mandatory compliance of ISMS Standards for CNII
            • Capability and Awareness for CNIIs
            • Facilitate Industry Development
            • * Collaboration with PEMANDU (Performance Management and Delivery Unit) SRI (Strategic Reform Initiative)
        • Ensure Mandatory Compliance to Information Security Standards by CNII (In progress):
            • To study the need to introduce a Cyber Security Safety Standards Act to ensure mandatory compliance by CNII to ISMS Standards (ISO27001) and other selected standards.
            • Audit and certification of ISMS compliance of CNIIs within 3 years from the date of Cabinet mandate 24 Feb 2010
        • Capability and Awareness Programmes for CNIIs (In progress):
            • Government Agencies dialogue session to implement ISMS compliance for CNIIs
            • ISMS (ISO/IEC-27001) training and workshops for CNIIs and regulatory bodies
            • CNII Information Security Standards Adoption Program
        • Facilitate Industry Development (In progress):
            • Local Developers to obtain products certification under ISO 15408 (Common Criteria EAL2)
            • Develop Cyber Security Industry Directory to list Malaysian IT security companies, products and IT security professionals
            • Cyber Security Trade Event to promote locally developed products under Common Criteria (Nov 2012)
        • Strengthen or include infosec enforcement role in all CNII regulators
    • Pt 7: Cybersecurity Emergency Readiness - CYBER INCIDENTS 1997 - 2012
        • Number of cyber security incidents referred to CyberSecurity Malaysia 31 Aug 2012 (excluding spams)
        • INCIDENTS: Intrusion; Intrusion Attempt; Spam; DOS; Cyber Harassment; Fraud; Content Related; Malicious Code; Vulnerabilities Report
        • As of 30th April 2013
        • CNII resilience against cyber crime, terrorism, info warfare
    • Pt 7: Cybersecurity Emergency Readiness - DIGITAL FORENSICS CASES (2002 – 2012)
        • [Chart: cases per year, 2002 to 2012, with series "Forensic Analysis" and "Data recovery", as of 31st August 2012. Data labels in extraction order: 30 58 49 48 91 105 137 190 172 131 59; 13 5 20 45 41 116 160 212 428 442 349; 43 63 93 69 132 221 297 600 402 573 408]
        • 75% cases - from law enforcement agencies (PDRM, BNM, AG, SKMM etc).
        • Types of cases – Financial Fraud, Sexual Assault, National threats, etc.
    • Pt 7: Cybersecurity Emergency Readiness - COMPUTER EMERGENCY RESPONSE TEAM
        • Cyber999™ Cyber Early Warning Services: 1. Incident Handling; 2. Cyber Early Warning; 3. Technical Coordination Centre; 4. Malware Research Center
        • Email: cyber999@cybersecurity.my, mycert@mycert.org.my
        • Phone: +603 8992 6969, 1 300 88 2999
        • Fax: +603 8945 3442
        • SMS: 15888 Cyber999 Report
        • Mobile (24x7): +6019 266 5850
        • Online: http://www.mycert.org.my
        • Office Hours: MYT 0830 - 1730
    • Pt 7: Cybersecurity Emergency Readiness - MALWARE RESEARCH CENTER
        • Areas shown: Emerging Threats; LebahNet Project; Malware Research; Threats Visualization; Advisory & Alerts
        • EXPLOIT ADVISORIES & ALERTS: Software vulnerabilities (advisories); 0 day vulnerabilities; Patch & upgrades
        • OUTBREAKS ALERTS: H1N1 flu; Trojan-Michael Jackson Death; Conficker; IE/Acrobat/Office/Flash 0 day
        • Alerts listed:
            • MA-321.072012 : MyCERT Alert - Microsoft Security Bulletin Summary For July 2012 21/06/2012
            • MA-320.062012 : MyCERT Alert - Critical Vulnerability in Microsoft XML Core Services 19/06/2012
            • MA-319.062012 : MyCERT Alert - Increase in Web Defacement Incidents 13/06/2012
            • MA-318.062012 : MyCERT Alert - Microsoft Security Bulletin Summary For June 2012 13/06/2012
            • MA-317.062012 : MyCERT Alert - Oracle Java SE Critical Patch Update Advisory - June 2012 11/06/2012
            • MA-316.062012 : MyCERT Alert - Critical Vulnerability in MySQL and MariaDB 11/06/2012
            • MA-315.062012 : MyCERT Alert - Critical Vulnerability in Adobe Flash Player 07/06/2012
    • Pt 7: Cybersecurity Emergency Readiness - COMPUTER EMERGENCY RESPONSE TEAM
        • Incident Handling; Technical Coordination Centre
        • INCIDENT HANDLING MODULES (module: level). Duration: 13 days
        1. Information Security Essentials: Fundamental
        2. ISMS Essentials: Fundamental
        3. Incident Handling & Network Security (IHNS): Intermediate
        4. Ethical Hacking and Penetration Testing: Intermediate
        5. Security Audit and Assessment: Intermediate
    • National Cyber Security Policy - POLICY THRUST
        1. Effective Governance: National Security Council
        2. Legislation & Regulatory Framework: Attorney General’s Office
        3. Cyber Security Technology Framework: Ministry of Science, Technology and Innovation
        4. Culture of Security and Capacity Building: Ministry of Science, Technology and Innovation
        5. Research & Development Towards Self Reliance: Ministry of Science, Technology and Innovation
        6. Compliance & Enforcement: Ministry of Information, Communications & Culture
        7. Cyber Security Emergency Readiness: National Security Council
        8. International Collaboration: Ministry of Communications & Multimedia
    • Pt 8: International Collaboration - MISSIONS
        • APCERT; OIC-CERT
        • ENGAGE: Participate in relevant cyber security meetings and events to promote Malaysia’s positions and interests in the said meetings and events
        • PRIORITIZE: Evaluate Malaysia’s interests at international cyber security platforms and act on elements where Malaysia can get tangible benefits and voice third world interests
        • LEADERSHIP: Explore opportunities at international cyber security platforms where Malaysia can vie for positions to play a leadership role to project Malaysia’s image and promote Malaysia’s interests
        • International branding on CNII protection with improved awareness & skill level
    • NATIONAL CYBER SECURITY POLICY - In Conclusion
        • The National Cyber Security Policy is a holistic approach for cyber defence of the CNIIs and the nation.
        • Encouraging Public Private Cooperation as essential element in mitigating cyber threats
        • Commitment from stakeholders is critical in ensuring the success of the policy’s implementation.