Malaysia Last Updated: April 2021

CYBERSECURITY POLICY

Strategy Documents

Malaysia Cyber Security Strategy 2020-2024 (MCSS) National Security Council

The key objectives are categorised into five strategic Pillars that will govern all aspects of cyber security planning and implementation in Malaysia until 2024.

The five strategic pillars are:

Pillar I: Effective Governance and Management; Pillar II: Strengthening Legislative Framework and Enforcement; Pillar III: Catalysing World Class Innovation, Technology, R&D and Industry; Pillar IV: Enhancing Capacity and Capability Building, Awareness and Education; Pillar V: Strengthening Global Collaboration.

Source Source 2 October 2020

Defence White Paper (DWP) Ministry of Defence

The DWP represents the Government’s firm commitment to Malaysia’s defence and resilience to protect national interests, particularly to defend its sovereignty and territorial integrity. It also includes the developing of a coherent cyber doctrine to enhance defence resilience and cyber security that requires among other things, putting in place the right management and operational governance mechanisms with cyber-savvy manpower and right technology.

Source 2020

Malaysia Smart City Framework Ministry of Housing and Local Government

A guideline for local governments all across the country to develop cities in Malaysia into smart cities. One of the strategies under this framework is to strengthen policies related to cybersecurity and personal data.

Source Source 2 2018

Industry 4WRD: National Policy on Industry 4.0 Ministry of International Trade and Industry

The National Policy on Industry 4.0 provides a concerted and comprehensive transformation agenda for the manufacturing sector and its related services including establishing a set of cybersecurity and IoT security guidelines for Industry 4.0 as of Malaysia’s broader development of cybersecurity capabilities.

Source 2018

Ministry of Defence Strategic Plan Ministry of Defence Seeks effective governance, a clear legislative & regulatory framework, cyber security technology framework, culture of security and capacity building, research & development towards self-reliance, compliance and enforcement, cyber security emergency readiness, and international cooperation Source 2018 Malaysia Last Updated: April 2021

National Security Policy National Security Council

The National Security Policy is the overarching policy or basis for comprehensive national security aimed at maintaining, safeguarding and defending the National Core Values. It also recognise the importance of cybersecurity and includes the following as one of the strategies to be pursued: Maintain Cyber Security and Defence: Ensure a secured cyber environment through comprehensive risk management involving the consolidation of the security and defence infrastructure, especially the Critical Information Infrastructure of the country.

Source January 2017

National Security Council Directive No. 24: National Cyber Crisis Management Policy and Mechanism National Cyber Security Agency, National Security Council (NACSA, NSC)

Executive directive outlining the strategy that Malaysia will undertake for cyber crisis mitigation and response among Malaysia's CNII through public and private collaboration.

Source 29 September 2011

Malaysia's National Defence Policy Ministry of Defence

The development of a cyber-warfare capability is an important step towards counterbalancing the ability of other countries in the region and to defend important national targets from all forms of threats. It is important to stop any form of encroachment into national defence’s computer systems and networks. Concurrently, it also provides the room for developing offensive capabilities for conducting cyber-operations when necessary. This capability would provide the ability for information-gathering at strategic, operational and tactical levels.

Source 2010

National Cyber Security Policy (NCSP) National Cyber Security Agency, National Security Council (NACSA,NSC)

The NCSP seeks to address the risks to the Critical National Information Infrastructure (CNII) which comprises the networked information systems of ten critical sectors.

Source 31 May 2006

Implementation Frameworks

Public Sector Cyber Security Framework National Cyber Security Agency, National Security Council (NACSA, NSC)

Aims to provide comprehensive approach and guidance for the public sector in protecting critical information on the cyberspace

Source 1 April 2016

Malaysian Public Sector Management of Information & Communications Technology Security Handbook National Cyber Security Agency, National Security Council (NACSA, NSC)

Provides the guidelines to the public sector on ICT security management in operational, technical and legal aspects with reference to international Malaysia Last Updated: April 2021

standards.

Source

National Cyber Crisis Management Plan (NCCMP) National Cyber Security Agency, National Security Council (NACSA,NSC)

The NCCMP provides the detailed steps to be implemented by all the parties involved in national cyber crisis management and it will become the main reference for Sector Leads and Critical National Information Infrastructure (CNII) agencies in the development and maintenance of current related Standard Operating Procedures (SOP) in their agencies.

Source

STRUCTURE

National Centre or Responsible Agency

Ministry of Communications and Multimedia Malaysia

An official government broadcaster and information provider responsibles in formulating and implementing the national policy objectives on communication industry; international relations on communications affairs with related agencies; regulating personal data processing and enforcing the laws on personal data protection to increase the users’ confidence in commercial transactions in Malaysia.

Source

National Cyber Security Agency National Security Council, Prime Minister’s Department

Dedicated agency that oversees all national cyber security functions formed under the aegis of the National Security Council of Malaysia; The lead agency that integrates the existing cyber security capabilities through a strategic and coordinated manner; Gathers all identified national cyber security experts under one roof and coordinates and collaborates with its domestic and international counterparts, from both the public and private sectors.

Source February 2017 (established in)

Key Positions

Minister Ministry of Science, Technology and Innovation (MOSTI) Source

Dedicated Agencies and Departments

Police Cyber Investigation Response Centre (PCIRC) Royal Malaysia Police Source Source 2

Special Cyber Court Malaysia Last Updated: April 2021

Federal Court of Malaysia Specialises in hearing cyber criminal cases, including bank fraud, hacking, falsifying documents, defamation, spying, online gambling and cases related to pornography. Source 1 September 2016

Malaysian Communications and Multimedia Commission

An agency under Ministry of Communications and Multimedia Malaysia that responsible to regulate the communications and multimedia industry based on the powers provided for in the Malaysian Communications and Multimedia Commission Act (1998) and the Communications and Multimedia Act (1998).

Source

Malaysia Digital Economy Corporation (MDEC)

An agency under Ministry of Communications and Multimedia Malaysia that responsible for formulation of policies and coordination of agencies to enable success; development of future proof workforce to grow the Digital Economy ecosystem including nurtures the growth of local tech companies as well as industry and talent development to penetrate the digital market.

Source

Ministry of International Trade and Industry

A ministry that responsible to develop and implement policies on industrial development, international trade and investment; productivity; small and medium enterprise; manufacturing; services and strategic trades and to drive digital transformation of the manufacturing and related services sectors in Malaysia.

Source

Ministry of Women, Family and Community Development

A ministry that responsible to promote and raise public perception on the importance of the role of women and family institution in contributing towards the developmental agenda of the nation and also responsible for the creation and promotion of community and social awareness programmes including Child Online Protection (COP).

Source

Malaysian Administrative Modernisation and Management Planning Unit (MAMPU)

A central agency under the Prime Minister's Department that responsible for the modernisation and transformation of public service administration; driving the public sector ICT Strategic Plan; strengthening public sector ICT governance; encouraging ICT acculturation in the public sector service delivery system and innovating in electronic government applications, infrastructure and ICT security.

Source

Commercial Crime Investigation Department (CCID) Royal Malaysia Police

The Commercial Crime Investigation Department houses the Multimedia and Cybercrime Investigation Unit that investigate the offences and crimes related to cyber.

Source Source 2 Malaysia Last Updated: April 2021

CyberSecurity Malaysia Ministry of Science, Technology and Innovation (MOSTI)

A company limited by guarantee under the Ministry of Communications and Multimedia Malaysia that provide the technical services.

Source 2007 (previously the National ICT Security and Emergency Response Centre)

National CERT or CSIRT

Malaysia Computer Emergency Response Team (MyCERT) CyberSecurity Malaysia

MyCERT is a department under CyberSecurity Malaysia that deals with computer security incidents for the public.

Source 13 January 1997

National Cyber Coordination and Command Centre (NC4) National Cyber Security Agency, National Security Council

NC4 is a national center that responsible to deal with cyber threats and crisis at the national level and ensures coordination and cooperation between CNII. NC4 is the national Computer Emergency Response Team (CERT).

Source

LEGAL FRAMEWORK

Legislation

National Security Council Act 2016

An Act to provide for the establishment of NSC, the declaration of security areas, the special powers of the Security Forces in the security areas and other related matters.

Source 2016

Penal Code (Act 574)

A law that codifies most criminal offences and procedures in Malaysia.

Source 31 December 2014 (latest amended)

Personal Data Protection Act 2010 (Act 709)

An Act to regulate the processing of personal data in commercial transactions and to provide for matters connected therewith and incidental thereto.

Source 2 June 2010 Malaysia Last Updated: April 2021

Electronic Government Activities Act 2007

An Act to provide for legal recognition of electronic messages in dealings between the Government and the public, the use of electronic messages to fulfill legal requirements and to enable and facilitate the dealings through the use of electronic means and other matters connected therewith.

Source 2007

Electronic Commerce Act 2006

An Act to provide for legal recognition of electronic messages in commercial transactions, the use of the electronic messages to fulfill legal requirements and to enable and facilitate commercial transactions through the use of electronic means and other matters connected therewith.

Source 2006

Communications and Multimedia Act 1998

An act to provide for and to regulate the converging communications and multimedia industries, and for incidental matters.

Source 1998

Malaysian Communications and Multimedia Commission Act 1998

An Act to provide for the establishment of the Malaysian Communications and Multimedia Commission with powers to supervise and regulate the communications and multimedia activities in Malaysia, and to enforce the communications and multimedia laws of Malaysia, and for related matters.

Source 1998

Computer Crimes Act 1997

An Act to provide for offences relating to the misuse of computers.

Source 1997

Digital Signature Act 1997

An act to make provision for, and to regulate the use of, digital signatures and to provide for matters connected therewith.

Source 1997

COOPERATION

UN Processes

Represented at the Group of Governmental Experts on Developments in the Field of Information and Telecommunications in the Context of International Security Malaysia Last Updated: April 2021

Source 2004, 2014/2015

Bilateral and Multilateral Cooperation

Trilateral Meeting on Security, Indonesia-Malaysia-Philippines Minister of Foreign Affairs

Agreement to contain the spread of terrorism and terrorism-related content in cyberspace, particularly in social media

Source 22 june 2017

Memorandum of Understanding, Malaysia-Philippines CyberSecurity Malaysia

Framework for understanding and cooperation for exchange of information on current threats and strategies to increase effectiveness of cyber security incident response, to respond and mitigate cross-border incidents

Source 10 december 2016

Memorandum of Agreement, Malaysia-Republic of Korea CyberSecurity Malaysia Agreement to exchange, develop and consolidate their knowledge and experiences of cyber security incidents Source November 2016

Cybersecurity Alliance for Mutual Progress - CAMP Initiative, Member CyberSecurity Malaysia Network platform to lift up the overall level of cybersecurity of members through development experiences and trends sharing. Source 11 July 2016

EU-Malaysia Partnership and Cooperation Agreement (PCA) Ministry of Foreign Affairs

Cooperation in the specific areas of justice and security, including cybersecurity

Source 6 april 2016

Memorandum of Understanding, India-Malaysia CyberSecurity Malaysia Cooperation in the area of Cyber Security Source 23 November 2015

Memorandum of Understanding, Malaysia-Oman CyberSecurity Malaysia Malaysia Last Updated: April 2021

Cooperate in promoting closer collaboration, interaction and exchange of information regarding national cyber security, cooperation in the field of cyber security threats Source 11 October 2015

Memorandum of Understanding, Australia-Malaysia CyberSecurity Malaysia Agreement to assist in mitigating cyber threats, through sharing of information and technology knowledge in ICT security such as reported incident, new threats, and best practices against cyber crime Source March 2014

Memorandum of Understanding, Malaysia-Morocco CyberSecurity Malaysia Memorandum of Understanding on cybersecurity. Source 21 January 2010

Select Activities

CyberSAFE CyberSecurity Malaysia Outreach Department tasked with educating and enhancing the awareness of the general public on the technological and social issues facing internet users, particularly on the risks they face online Source

CyberSecurity Clinics CyberSecurity Malaysia CyberSecurity Malaysia will work wit hpartners to establish CyberSecurity Clinics throughout Malaysia, which will serve as a front-end service center supported by CyberSecurity Malaysia Headquarters in Kuala Lumpur and its Regional Office, which will handle more advanced and specific requests. Source

Cyber Security Professional Development (CyberGuru) CyberSecurity Malaysia New platform in nurturing Information Security practitioners and promoting knowledge sharing with leading industry experts and academicians as well as fostering local and international collaborations. Source

Membership

Association of Southeast Asian Nations (ASEAN)

Commonwealth

International Telecommunications Union (ITU)

Organisation of Islamic Cooperation (OIC) Malaysia Last Updated: April 2021

United Nations (UN)