Malaysia Last Updated: April 2021
CYBERSECURITY POLICY
Strategy Documents
Malaysia Cyber Security Strategy 2020-2024 (MCSS) National Security Council
The key objectives are categorised into five strategic Pillars that will govern all aspects of cyber security planning and implementation in Malaysia until 2024.
The five strategic pillars are:
Pillar I: Effective Governance and Management; Pillar II: Strengthening Legislative Framework and Enforcement; Pillar III: Catalysing World Class Innovation, Technology, R&D and Industry; Pillar IV: Enhancing Capacity and Capability Building, Awareness and Education; Pillar V: Strengthening Global Collaboration.
Source Source 2 October 2020
Defence White Paper (DWP) Ministry of Defence
The DWP represents the Government’s firm commitment to Malaysia’s defence and resilience to protect national interests, particularly to defend its sovereignty and territorial integrity. It also includes the developing of a coherent cyber doctrine to enhance defence resilience and cyber security that requires among other things, putting in place the right management and operational governance mechanisms with cyber-savvy manpower and right technology.
Source 2020
Malaysia Smart City Framework Ministry of Housing and Local Government
A guideline for local governments all across the country to develop cities in Malaysia into smart cities. One of the strategies under this framework is to strengthen policies related to cybersecurity and personal data.
Source Source 2 2018
Industry 4WRD: National Policy on Industry 4.0 Ministry of International Trade and Industry
The National Policy on Industry 4.0 provides a concerted and comprehensive transformation agenda for the manufacturing sector and its related services including establishing a set of cybersecurity and IoT security guidelines for Industry 4.0 as of Malaysia’s broader development of cybersecurity capabilities.
Source 2018
Ministry of Defence Strategic Plan Ministry of Defence Seeks effective governance, a clear legislative & regulatory framework, cyber security technology framework, culture of security and capacity building, research & development towards self-reliance, compliance and enforcement, cyber security emergency readiness, and international cooperation Source 2018 Malaysia Last Updated: April 2021
National Security Policy National Security Council
The National Security Policy is the overarching policy or basis for comprehensive national security aimed at maintaining, safeguarding and defending the National Core Values. It also recognise the importance of cybersecurity and includes the following as one of the strategies to be pursued: Maintain Cyber Security and Defence: Ensure a secured cyber environment through comprehensive risk management involving the consolidation of the security and defence infrastructure, especially the Critical Information Infrastructure of the country.
Source January 2017
National Security Council Directive No. 24: National Cyber Crisis Management Policy and Mechanism National Cyber Security Agency, National Security Council (NACSA, NSC)
Executive directive outlining the strategy that Malaysia will undertake for cyber crisis mitigation and response among Malaysia's CNII through public and private collaboration.
Source 29 September 2011
Malaysia's National Defence Policy Ministry of Defence
The development of a cyber-warfare capability is an important step towards counterbalancing the ability of other countries in the region and to defend important national targets from all forms of threats. It is important to stop any form of encroachment into national defence’s computer systems and networks. Concurrently, it also provides the room for developing offensive capabilities for conducting cyber-operations when necessary. This capability would provide the ability for information-gathering at strategic, operational and tactical levels.
Source 2010
National Cyber Security Policy (NCSP) National Cyber Security Agency, National Security Council (NACSA,NSC)
The NCSP seeks to address the risks to the Critical National Information Infrastructure (CNII) which comprises the networked information systems of ten critical sectors.
Source 31 May 2006
Implementation Frameworks
Public Sector Cyber Security Framework National Cyber Security Agency, National Security Council (NACSA, NSC)
Aims to provide comprehensive approach and guidance for the public sector in protecting critical information on the cyberspace
Source 1 April 2016
Malaysian Public Sector Management of Information & Communications Technology Security Handbook National Cyber Security Agency, National Security Council (NACSA, NSC)
Provides the guidelines to the public sector on ICT security management in operational, technical and legal aspects with reference to international Malaysia Last Updated: April 2021
standards.
Source
National Cyber Crisis Management Plan (NCCMP) National Cyber Security Agency, National Security Council (NACSA,NSC)
The NCCMP provides the detailed steps to be implemented by all the parties involved in national cyber crisis management and it will become the main reference for Sector Leads and Critical National Information Infrastructure (CNII) agencies in the development and maintenance of current related Standard Operating Procedures (SOP) in their agencies.
Source
STRUCTURE
National Centre or Responsible Agency
Ministry of Communications and Multimedia Malaysia
An official government broadcaster and information provider responsibles in formulating and implementing the national policy objectives on communication industry; international relations on communications affairs with related agencies; regulating personal data processing and enforcing the laws on personal data protection to increase the users’ confidence in commercial transactions in Malaysia.
Source
National Cyber Security Agency National Security Council, Prime Minister’s Department
Dedicated agency that oversees all national cyber security functions formed under the aegis of the National Security Council of Malaysia; The lead agency that integrates the existing cyber security capabilities through a strategic and coordinated manner; Gathers all identified national cyber security experts under one roof and coordinates and collaborates with its domestic and international counterparts, from both the public and private sectors.
Source February 2017 (established in)
Key Positions
Minister Ministry of Science, Technology and Innovation (MOSTI) Source
Dedicated Agencies and Departments
Police Cyber Investigation Response Centre (PCIRC) Royal Malaysia Police Source Source 2
Special Cyber Court Malaysia Last Updated: April 2021
Federal Court of Malaysia Specialises in hearing cyber criminal cases, including bank fraud, hacking, falsifying documents, defamation, spying, online gambling and cases related to pornography. Source 1 September 2016
Malaysian Communications and Multimedia Commission
An agency under Ministry of Communications and Multimedia Malaysia that responsible to regulate the communications and multimedia industry based on the powers provided for in the Malaysian Communications and Multimedia Commission Act (1998) and the Communications and Multimedia Act (1998).
Source
Malaysia Digital Economy Corporation (MDEC)
An agency under Ministry of Communications and Multimedia Malaysia that responsible for formulation of policies and coordination of agencies to enable success; development of future proof workforce to grow the Digital Economy ecosystem including nurtures the growth of local tech companies as well as industry and talent development to penetrate the digital market.
Source
Ministry of International Trade and Industry
A ministry that responsible to develop and implement policies on industrial development, international trade and investment; productivity; small and medium enterprise; manufacturing; services and strategic trades and to drive digital transformation of the manufacturing and related services sectors in Malaysia.
Source
Ministry of Women, Family and Community Development
A ministry that responsible to promote and raise public perception on the importance of the role of women and family institution in contributing towards the developmental agenda of the nation and also responsible for the creation and promotion of community and social awareness programmes including Child Online Protection (COP).
Source
Malaysian Administrative Modernisation and Management Planning Unit (MAMPU)
A central agency under the Prime Minister's Department that responsible for the modernisation and transformation of public service administration; driving the public sector ICT Strategic Plan; strengthening public sector ICT governance; encouraging ICT acculturation in the public sector service delivery system and innovating in electronic government applications, infrastructure and ICT security.
Source
Commercial Crime Investigation Department (CCID) Royal Malaysia Police
The Commercial Crime Investigation Department houses the Multimedia and Cybercrime Investigation Unit that investigate the offences and crimes related to cyber.
Source Source 2 Malaysia Last Updated: April 2021
CyberSecurity Malaysia Ministry of Science, Technology and Innovation (MOSTI)
A company limited by guarantee under the Ministry of Communications and Multimedia Malaysia that provide the technical services.
Source 2007 (previously the National ICT Security and Emergency Response Centre)
National CERT or CSIRT
Malaysia Computer Emergency Response Team (MyCERT) CyberSecurity Malaysia
MyCERT is a department under CyberSecurity Malaysia that deals with computer security incidents for the public.
Source 13 January 1997
National Cyber Coordination and Command Centre (NC4) National Cyber Security Agency, National Security Council
NC4 is a national center that responsible to deal with cyber threats and crisis at the national level and ensures coordination and cooperation between CNII. NC4 is the national Computer Emergency Response Team (CERT).
Source
LEGAL FRAMEWORK
Legislation
National Security Council Act 2016
An Act to provide for the establishment of NSC, the declaration of security areas, the special powers of the Security Forces in the security areas and other related matters.
Source 2016
Penal Code (Act 574)
A law that codifies most criminal offences and procedures in Malaysia.
Source 31 December 2014 (latest amended)
Personal Data Protection Act 2010 (Act 709)
An Act to regulate the processing of personal data in commercial transactions and to provide for matters connected therewith and incidental thereto.
Source 2 June 2010 Malaysia Last Updated: April 2021
Electronic Government Activities Act 2007
An Act to provide for legal recognition of electronic messages in dealings between the Government and the public, the use of electronic messages to fulfill legal requirements and to enable and facilitate the dealings through the use of electronic means and other matters connected therewith.
Source 2007
Electronic Commerce Act 2006
An Act to provide for legal recognition of electronic messages in commercial transactions, the use of the electronic messages to fulfill legal requirements and to enable and facilitate commercial transactions through the use of electronic means and other matters connected therewith.
Source 2006
Communications and Multimedia Act 1998
An act to provide for and to regulate the converging communications and multimedia industries, and for incidental matters.
Source 1998
Malaysian Communications and Multimedia Commission Act 1998
An Act to provide for the establishment of the Malaysian Communications and Multimedia Commission with powers to supervise and regulate the communications and multimedia activities in Malaysia, and to enforce the communications and multimedia laws of Malaysia, and for related matters.
Source 1998
Computer Crimes Act 1997
An Act to provide for offences relating to the misuse of computers.
Source 1997
Digital Signature Act 1997
An act to make provision for, and to regulate the use of, digital signatures and to provide for matters connected therewith.
Source 1997
COOPERATION
UN Processes
Represented at the Group of Governmental Experts on Developments in the Field of Information and Telecommunications in the Context of International Security Malaysia Last Updated: April 2021
Source 2004, 2014/2015
Bilateral and Multilateral Cooperation
Trilateral Meeting on Security, Indonesia-Malaysia-Philippines Minister of Foreign Affairs
Agreement to contain the spread of terrorism and terrorism-related content in cyberspace, particularly in social media
Source 22 june 2017
Memorandum of Understanding, Malaysia-Philippines CyberSecurity Malaysia
Framework for understanding and cooperation for exchange of information on current threats and strategies to increase effectiveness of cyber security incident response, to respond and mitigate cross-border incidents
Source 10 december 2016
Memorandum of Agreement, Malaysia-Republic of Korea CyberSecurity Malaysia Agreement to exchange, develop and consolidate their knowledge and experiences of cyber security incidents Source November 2016
Cybersecurity Alliance for Mutual Progress - CAMP Initiative, Member CyberSecurity Malaysia Network platform to lift up the overall level of cybersecurity of members through development experiences and trends sharing. Source 11 July 2016
EU-Malaysia Partnership and Cooperation Agreement (PCA) Ministry of Foreign Affairs
Cooperation in the specific areas of justice and security, including cybersecurity
Source 6 april 2016
Memorandum of Understanding, India-Malaysia CyberSecurity Malaysia Cooperation in the area of Cyber Security Source 23 November 2015
Memorandum of Understanding, Malaysia-Oman CyberSecurity Malaysia Malaysia Last Updated: April 2021
Cooperate in promoting closer collaboration, interaction and exchange of information regarding national cyber security, cooperation in the field of cyber security threats Source 11 October 2015
Memorandum of Understanding, Australia-Malaysia CyberSecurity Malaysia Agreement to assist in mitigating cyber threats, through sharing of information and technology knowledge in ICT security such as reported incident, new threats, and best practices against cyber crime Source March 2014
Memorandum of Understanding, Malaysia-Morocco CyberSecurity Malaysia Memorandum of Understanding on cybersecurity. Source 21 January 2010
Select Activities
CyberSAFE CyberSecurity Malaysia Outreach Department tasked with educating and enhancing the awareness of the general public on the technological and social issues facing internet users, particularly on the risks they face online Source
CyberSecurity Clinics CyberSecurity Malaysia CyberSecurity Malaysia will work wit hpartners to establish CyberSecurity Clinics throughout Malaysia, which will serve as a front-end service center supported by CyberSecurity Malaysia Headquarters in Kuala Lumpur and its Regional Office, which will handle more advanced and specific requests. Source
Cyber Security Professional Development (CyberGuru) CyberSecurity Malaysia New platform in nurturing Information Security practitioners and promoting knowledge sharing with leading industry experts and academicians as well as fostering local and international collaborations. Source
Membership
Association of Southeast Asian Nations (ASEAN)
Commonwealth
International Telecommunications Union (ITU)
Organisation of Islamic Cooperation (OIC) Malaysia Last Updated: April 2021
United Nations (UN)