“Central to the Business Transformation Program is the commercialisation of cyber security training, consultancy, certification and technical services.”
Cybersecurity is a vital concern for countries moving towards a digital government and economy. Every step forward in technology adoption brings its own set of risks.
CSM is the national cyber security specialist agency under the Ministry of Science, Technology and Innovation (MOSTI). OpenGov conducted an interview with Dato’ Dr. Haji Amirudin Abdul Wahab, Chief Executive Officer, CyberSecurity Malaysia (CSM) to learn about areas of focus and key ongoing initiatives at CSM (OpenGov previously interviewed Dato’ Dr. Haji Amirudin in March 2016) .
We will be publishing the comprehensive interview in two parts, with the first part covering CSM’s Business Transformation Program which aims to achieve 20 per cent self-sustainability for CSM by 2020, protecting Critical National Information Infrastructure and improving general public awareness of cybersecurity and best practices. In the second part, Dato’ Dr. Haji Amirudin tells us about multilateral cooperation and the challenges of changing mindset and culture.
Could you tell us about your role as the CEO of CSM (CSM)? What are the short to medium term areas of focus and key ongoing initiatives at CSM? (SM)
Since taking over the role as Chief Executive Officer in 2013, I have been overseeing CSM’s initiatives that are implemented to realise its vision to become a globally recognised national cyber security reference and specialist centre by 2020.
CSM has successfully rolled out programs and projects under its Centre of Excellence (COE) initiative that was introduced in 2013 to provide leadership and specialised services delivery to the country’s Critical National Information infrastructure (CNII) sectors. COE is a comprehensive strategic long term plan, which lays out CSM’s vision for 2020 and provides a roadmap on how to achieve it.
There are eight selected expertise areas under COE as listed below:
Each of CSM division or department for the above eight focus areas has been tasked to identify potential cyber security services ready for commercialisation.
CSM’s key ongoing initiative is its Business Transformation Program (BTP), which kicked off in 2016.Currently, I am closely monitoring BTP, which requires revision of both the agency’s corporate and organisation structures.
Central to the BTP is the commercialisation of cyber security training, consultancy, certification and technical services. The BTP has been outlined with the aim of achieving 20 per cent self-sustainability through own revenue generation by 2020.
The overall objectives of BTP are to:
BTP integrates various strategic initiatives which encompass people, process and technology elements namely:
These days a cyber attack on critical infrastructure or even an important private company, such as a major bank, can cause significant damage. What is CSM doing to provide cybersecurity support to industry and for protecting infrastructure assets?
To safeguard the nation cyber space from cyber threats, the Government through CSM has taken steps including to:
Regarding cyber threats to the financial sector especially in the banking sector, Bank Negara Malaysia (BNM) has set up Internet Banking Task Force (IBTF) in 2004 to develop best practices for the banking industry and cooperate with respective agencies to address cyber security incidents. It is also a platform to discuss the latest trends or issues to deal with Internet banking and online financial criminal activity. CSM is a key member in providing technical advice and support to IBTF members.
Chaired by Bank Negara Malaysia, IBTF consists of: 1) All commercial banks in Malaysia (banks provide Internet banking services in Malaysia) that carry out the transaction in either a local bank or a foreign bank; 2) The Law Enforcement such as the Royal Malaysian Police (PDRM), Malaysian Communications and Multimedia Commission (MCMC) and other relevant agencies with cyber security such as Telco and technical agencies like CSM.
The IBTF’s main role is to develop best practices for the entire banking industry and to cooperate with relevant agencies in dealing with cyber security incidents and intrusions.
What is CSM doing to improve public awareness of cybersecurity and best practices?
As part of its initiatives to strengthen the field of cyber security, CSM is continuously carrying out various programs to inculcate awareness amongst internet users on technological and social issues, particularly online danger.
CSM has introduced a dedicated program known as Cyber Security Awareness for Everyone (CyberSAFE) aimed at increasing awareness and nurturing best practices on safe and positive ICT usage amongst internet users.
Activities that have been carried out by CyberSAFE include:
Amongst the issues highlighted are:
The initiatives under CyberSAFE place emphasis on the importance of safeguarding internet users’ safety and assets including personal information when surfing the internet especially social media sites.
How is CSM working with other Malaysian government agencies to create a safer and more secure cyberspace?
As I mentioned earlier, NCSP is one of the most important measures taken to secure the cyberspace and forms the foundation of Malaysia e-Sovereignty. Formulated by the Ministry of Science Technology and Innovation in 2005 and it was endorsed by the Cabinet in May 2006, objectives of the NCSP is aimed at addressing the risk to the CNII sectors, ensure that the critical infrastructure is protected as well as develop and establish a comprehensive program and a series of framework. Collectively, such cyber security posture will promote productivity, national sustainability, social harmony and well-being, as well as wealth creation.
In support of NCSP and through the National Security Council (NSC) of Malaysia CSM is working together with other government agencies and lead sectors from the 10 Critical National Information Infrastructure (CNII) sectors in Malaysia to safeguard the country’s cyberspace. The 10 critical sectors are: Defence and Security, Transportation, Banking and Finance, Health Services, Emergency Services, Energy, Information and Communication, Government, Food and Agriculture and Water.
Malaysia also implements X-Maya, a National Cyber Crisis Exercise or Cyber Drill conducted by CSM in collaboration with the National Security Council to assess and improve the National Cyber Crisis Management Plan together with CNII's readiness against the threat of cyber-attacks on a yearly basis.
The second part of this interview will be published on April 26, 2017.
We release new articles daily on trending topics within technology and the public sector. Subscribe to have weekly digests of our articles conveniently sent to your email address.
Mövenpick Hotel and Convention Centre KLIA
One Farrer Hotel
Sheraton Towers Singapore
Putrajaya Marriott Hotel
Marina Bay Sands, Singapore
JW Marriott Jakarta