We are creating some awesome events for you. Kindly bear with us.

EXCLUSIVE- IoT and Big Data labs- Securing the future at CyberSecurity Malaysia

EXCLUSIVE- IoT and Big Data labs- Securing the future at CyberSecurity Malaysia

Dr. Solahuddin Bin Shamsuddin, CTO, CyberSecurity Malaysia (CSM), speaks to OpenGov about security going hand in hand with technology and the current focus areas of Big Data and IoT. CSM operates under the purview of the Malaysian Ministry of Science, Technology and Innovation (MOSTI).

Could you tell us about your role as CTO of CyberSecurity Malaysia?

My role is to lead and craft all technical related initiatives in CyberSecurity Malaysia to achieve the corporate agenda.

My jobs involve some strategic components amongst others, including planning and overseeing the development, implementation and management of the technology infrastructure, to support the delivery of CSM products and services and to identify as well as explore new research areas in cybersecurity.

In terms of operational components, I also oversee the preparation of proposals, implementation of the Government funded R&D projects carried out by CSM. In addition, I manage the technical advisory and advise on the adoption of latest technology by CSM that can provide the optimum ROI. All these activities are to be done in compliance with CSM’s objectives, policies, procedures and guidelines.

How do you evaluate the success of initiatives? What kind of return on investment (ROI) measures do you consider?

It depends. In CSM, when we propose a project to the government, we aim to provide the solutions to the evolving threats, and measure its benefits in ROIs in terms of values the project will give to the government, not necessarily quantified in dollars and cents.

For example, we provide our incident handling services for free. However, there are some costs involved in handling an incident such man/hour and mileage claims etc. Finding the ROI involves how much money has been spent and the value of services provided to mitigate the incident. All these can be quantified. Even though we don’t bring dollars and cents to the government, the value of the services we provide is used to calculate the ROI.

What are the areas of focus for CSM in the next one year and on a longer scale of 3-5 years?

We are looking into the current strategic technology trend in order to analyse emerging cyber security challenges. Security and technology go hand-in-hand. With every new technology, there are new vulnerabilities and new security issues which come up.

The new trends predicted for this year by consulting firms include device mesh, smart machine, advanced machine learning, autonomous Agents and Things, Adaptive Security Architecture, Advanced System Architecture, Mesh App and Service Architecture and Internet of Things (IoT) platforms. We always look at what are the current and future technologies, what are the security issues that come with it.

For example, we are building an IoT lab, that will look into the security issues of IoT for the next five years and comes up with ways of addressing them.

We also have people looking into big data security. We are producing data scientists, who can look into the security issues of big data and produce useful results, predictive analytics for the company.

They can give us an edge compared to our competitors, the hackers, the bad guys. We always have to stay a few steps ahead of them.

Cybersecurity is necessarily pro-active. We look for possible threats. We will predict what is going to happen. So that we can be ready.

What kind of research will be done in the IoT lab?

It will be about the security aspect of IoT and also privacy. We are looking at anonymising the data, so that we can establish open community data. We should not waste any data that have been gathered. Government has a lot of data. This data shall be sharable with researchers and industries that might need to use the data for business purposes.

At the same time, we should be able to anonymise the data. We should be able to give them the right metadata that can be used that do not reveal the identity of the person.

All PII (Personally identifiable information) must be removed through anonymisation technology. This will come together with open community data sets.

From a security perspective, you have to look into it from all angles. You have to look at database security, network security, server security, if you are accessing it through app, then web security. Everything has to be addressed, not just one component.

You mentioned that data scientists are being trained. For all these projects, you will need experts with the requisite knowledge. Are there any ongoing initiatives for training professionals for these roles?

We are training our staff. For instance, for IoT, if we have a certain group or department which looks into it, we will send our staff for training there. This will ensure that they have up to date information and knowledge on the latest technologies. We send them for security professional certifications.

We do whatever it takes, so that they have the required knowledge.

If we don’t have the right people in certain cases, we might get expert services from Subject Matter Experts (SMEs). We get them to come here and conduct trainings and transfer knowledge.

When and how do you collaborate with other government agencies?

Most of the big initiatives done by government require collaboration between agencies. Government agencies, government departments work together for certain projects.

For example, IoT is championed by MIMOS, which is under MOSTI. It requires collaboration. MIMOS, MDEC (Malaysia Digital Economy Corporation), MCMC (Malaysian Communications And Multimedia Commission), CSM, MAMPU, all work together. For IoT, we will come up with a IoT security framework for the whole project. CSM always contributes to the security aspects of a particular technology.

How do you see IoT evolving and what are the primary risks associated with it?

We are talking about Internet of Everything (IoE) now. Everything will be connected through the internet, through these IoT devices. IoT devices process data and then transfer data through the internet. If they keep the data, then it is not part of IoT. Our concern is about the security of the data. The data has to be protected so that, people cannot intercept or change it or replace the data, so that the CIA of the data is preserved, its Confidentiality, Integrity and Availability.

The security trend is to encrypt the data using PKIs (Public Key Infrastructure). But it has to be done at the manufacturer level, at the chip level. The big players in IoT, the ones who make the sensors, the processors, have to embed the PKI component on the chip itself during manufacturing. When it goes out into the production line, ready to be deployed, it has a corresponding public key and there must be a system for you to register that public key to an owner.

There has to be a repository that can map the ownership of the public key to a particular person. If a person owns an IoT device, and if something goes wrong, they have to take responsibility for it. There has to be accountability of all devices.

The handphone is the most common example of an IoT device. In Malaysia, you have to register your handphone by IC or passport. It cannot be anonymous. So, that at any point in time, we know who is the owner of that particular handphone.

We have to do that in IoT devices in the future. So that people cannot misuse IoT to commit a crime. In case a crime happens, PKI will facilitate forensic analysis. In order for this to be implemented successfully, in a timely manner, it should be an industry-driven initiative.  

PARTNER

Qlik’s vision is a data-literate world, where everyone can use data and analytics to improve decision-making and solve their most challenging problems. A private company, Qlik offers real-time data integration and analytics solutions, powered by Qlik Cloud, to close the gaps between data, insights and action. By transforming data into Active Intelligence, businesses can drive better decisions, improve revenue and profitability, and optimize customer relationships. Qlik serves more than 38,000 active customers in over 100 countries.

PARTNER

CTC Global Singapore, a premier end-to-end IT solutions provider, is a fully owned subsidiary of ITOCHU Techno-Solutions Corporation (CTC) and ITOCHU Corporation.

Since 1972, CTC has established itself as one of the country’s top IT solutions providers. With 50 years of experience, headed by an experienced management team and staffed by over 200 qualified IT professionals, we support organizations with integrated IT solutions expertise in Autonomous IT, Cyber Security, Digital Transformation, Enterprise Cloud Infrastructure, Workplace Modernization and Professional Services.

Well-known for our strengths in system integration and consultation, CTC Global proves to be the preferred IT outsourcing destination for organizations all over Singapore today.

PARTNER

Planview has one mission: to build the future of connected work. Our solutions enable organizations to connect the business from ideas to impact, empowering companies to accelerate the achievement of what matters most. Planview’s full spectrum of Portfolio Management and Work Management solutions creates an organizational focus on the strategic outcomes that matter and empowers teams to deliver their best work, no matter how they work. The comprehensive Planview platform and enterprise success model enables customers to deliver innovative, competitive products, services, and customer experiences. Headquartered in Austin, Texas, with locations around the world, Planview has more than 1,300 employees supporting 4,500 customers and 2.6 million users worldwide. For more information, visit www.planview.com.

SUPPORTING ORGANISATION

SIRIM is a premier industrial research and technology organisation in Malaysia, wholly-owned by the Minister​ of Finance Incorporated. With over forty years of experience and expertise, SIRIM is mandated as the machinery for research and technology development, and the national champion of quality. SIRIM has always played a major role in the development of the country’s private sector. By tapping into our expertise and knowledge base, we focus on developing new technologies and improvements in the manufacturing, technology and services sectors. We nurture Small Medium Enterprises (SME) growth with solutions for technology penetration and upgrading, making it an ideal technology partner for SMEs.

PARTNER

HashiCorp provides infrastructure automation software for multi-cloud environments, enabling enterprises to unlock a common cloud operating model to provision, secure, connect, and run any application on any infrastructure. HashiCorp tools allow organizations to deliver applications faster by helping enterprises transition from manual processes and ITIL practices to self-service automation and DevOps practices. 

PARTNER

IBM is a leading global hybrid cloud and AI, and business services provider. We help clients in more than 175 countries capitalize on insights from their data, streamline business processes, reduce costs and gain the competitive edge in their industries. Nearly 3,000 government and corporate entities in critical infrastructure areas such as financial services, telecommunications and healthcare rely on IBM’s hybrid cloud platform and Red Hat OpenShift to affect their digital transformations quickly, efficiently and securely. IBM’s breakthrough innovations in AI, quantum computing, industry-specific cloud solutions and business services deliver open and flexible options to our clients. All of this is backed by IBM’s legendary commitment to trust, transparency, responsibility, inclusivity and service.

Send this to a friend