Malaysia’s Digital Ministry stresses that the government views cybersecurity-related matters seriously and has taken steps to deal with weak information and communications technology (ICT) systems across the country, including those belonging to government agencies.
In a statement today, its minister Gobind Singh Deo said measures have been put in place, and steps have been taken to build and create digitally resilient systems in government that would ensure transparency in the process by which these systems are acquired. He added steps have also been taken to ensure that data stored within these systems is safe at all times.
“In June this year, a directive was issued which requires all government ICT procurements involving government entities to be streamlined through the National Digital Department (JDN), an agency under the Digital Ministry,” said Gobind.
“This puts all such applications through a strict and thorough process aimed at eradicating problems of the past involving overlapping applications, the procurement of systems which were ineffective or outdated, and other related problems, including those involving vendors.
“It is also aimed at making the application processes less cumbersome and reducing delays which have had a large impact on projects altogether.”
He added that a committee was set up in his ministry to oversee the new scheme, and to propose further improvements which would enhance procurement processes, moving forward.
“JDN has also reviewed 141 of such projects which were pending previously, under the new directive,” said Gobind.
“As for cybersecurity, the Cyber Security Act was gazetted in June of this year, and came into effect on Aug 26. It serves as a means to strengthen cybersecurity in various sectors by providing cybersecurity standards for organisations. These include entities belonging to the government, to improve their cybersecurity posture.
“The Cyber Security Act also addresses the management of cybersecurity threats and incidents related to national critical information infrastructure (NCII). The NCII sector leads have been recently appointed (after the Act came into force), and codes of practice are in the midst of being drafted to ensure these structures remain safe.”
He added that the Act also introduced measures to manage cyber threats by subjecting NCII entities to stringent risk assessments at least once a year; as well as an audit every two years or more if directed to do so by the chief executive of the National Cyber Security Agency (NACSA).
“Under the Act too, there is a licensing regime for cybersecurity service providers. The Digital Ministry and its agencies are also revisiting and improving existing public sector ICT security policies, looking at adopting new solutions and better practices such as Privacy by Design (PbD), Data Protection Impact Assessment (DPIA), and Privacy Enhancing Technologies (PETs), along with cybersecurity audit and risk assessments, which will better protect digital assets and data,” he added.
On Sept 27, National Security Council (NSC) director-general Raja Datuk Nushirwan Zainal Abidin revealed that some 150, out of 740 ICT systems managed by a government agency were dormant, with unclear ownership.
During a town hall session on the National Security Index in Putrajaya, Raja Nushirwan said this reflected poor data management practices among government officials. He was quoted as saying: “On a scale of 0 to 10, I’d rate government ICT systems at best a 2. In some cases, they could be a zero. This is the reality of our national security.”
Raja Nushirwan also alleged collusion between government officials and IT vendors, where systems were procured without proper scrutiny. His comments have raised questions and may have opened up a can of worms, including whether or not the matter was escalated internally, and if NSC had lodged a report with the relevant authorities.
Malaysian Anti-Corruption Commission chief Tan Sri Azam Baki told TV3’s Buletin Utama that the anti-graft body had not received any reports regarding allegations of a conspiracy between government officials and IT vendors, and would reach out to NSC for more information.