CSM ready to work with other agencies to realise creation of Cyber Security Commission
CyberSecurity Malaysia (CSM) is poised to play a bigger role in strengthening cyber security in this nation once the Malaysian Cyber Security Commission is established.
CSM chief executive officer Datuk Dr. Amirudin Abdul Wahab said the proposal by the government to set up the commission is the right step towards improving cyber security.
He said this is a good direction in the context of strengthening the nation’s cyber security ecosystem as it will ensure that actions taken to control cyber threats are not merely responsive in nature.
CSM, which is the national cyber security specialist agency under the purview of the Ministry of Communications and Digital, received over 7,000 reports involving cyber security incidents in Malaysia last year.
The reports included 4,741 cases of online fraud, 756 cases of data intrusion and hacking, and 23 cases of malicious code.
Amirudin said through the commission, proactive action can be taken to, among others, ensure the nation’s cyber infrastructure is supported by compliance with data protection standards and regular security audits by the authorities concerned.
“This cannot be done if we don’t have a proactive authority that can prevent security incidents from occurring. An audit on an organisation can help detect risks right from the start,” he added.
Earlier this year, Communications and Digital Minister Fahmi Fadzil said the government intends to set up the Malaysian Cyber Security Commission to strengthen cyber security in the country. He said the ministry will cooperate with related agencies like CSM to set up the commission.
PROVIDE SUPPORT SERVICES
Amirudin also said CSM has sufficient expertise in the field of cyber security and often provides support services to enforcement agencies such as the police, Malaysian Anti-Corruption Commission and Malaysian Communications and Multimedia Commission in investigations related to their cyber security cases.
“Due to its expertise in digital forensics, CSM is authorised under (Section) 399 of the Criminal Procedure Code to appear as an expert witness or referral expert in court,” he said.
As CSM – previously known as Malaysia Computer Emergency Response Team or MyCERT – works mostly behind the scenes, not many people know that the agency’s expertise was sought in several high-profile cases such as MH370 (the Malaysia Airlines aircraft that disappeared mysteriously); the Lahad Datu, Sabah, intrusion; and tragic murder of Nurin Jazlin Jazimin.
“The public knows of the police, MCMC… but they don’t know about CSM because we help (enforcement agencies) from behind the scenes,” said Amirudin.
Relating CSM’s role in the Lahad Datu incident which occurred 10 years ago, he said the agency helped to analyse more than 100 digital gadgets, such as mobile phones, computers and laptops belonging to the intruders, for the purpose of producing them as evidence.
“We had to analyse all the data extracted from the gadgets. CSM also made a correlation such as who contacted whom… this was not only complicated but took time as well.
“All the data concerned was produced as evidence in court where CSM was called in as a witness to give evidence on the seized digital devices,” he said.
On MH370 which disappeared en route to Beijing, China, on March 8, 2014, Amirudin said CSM’s digital forensic experts helped the authorities to disprove the international media’s theory that the plane’s disappearance was masterminded by its pilot.
“In fact, even the FBI made a similar claim (that the pilot was responsible) and submitted their data. But we found no concrete evidence in their claim and they (FBI) had to drop it,” he said, adding that CSM’s expertise is accredited by ANSI National Accreditation Board, North America’s largest accreditation body which also accredited the United States’ Federal Bureau of Investigation or FBI.
However, as for the case involving Nurin Jazlin – an eight-year-old girl who was found brutally murdered in September 2007 – CSM was not able to resolve it owing to the inferior quality of the closed-circuit television recording that was produced in court as key evidence.
Amirudin, meanwhile, said Malaysia has always been among the top 10 nations in the world in the Global Cyber Security Index.
“The unique thing is the contribution (to the ranking) mostly came from CSM since 2014. Not many people know this but Malaysia is among the top three Asia Pacific nations (in terms of cyber security),” he added.
He said CSM owes its success to, among others, its achievements, recognition and involvement at the international level including chairing the Asia Pacific Computer Emergency Response Team for the fifth time this year.
“CSM has also been acknowledged by the Islamic Development Bank (IDB) as a partner in the field of cyber security, so if Islamic countries and the Organisation of Islamic Cooperation (OIC) require any assistance in developing cyber security expertise, IDB will provide the funds but it will refer to CSM for expertise,” he said.
He also said that at the end of 2018, CSM received a courtesy call from the International Criminal Police Organisation or Interpol, which sought CSM’s approval to assist the organisation to develop global guidelines on digital forensics.
This request came on the heels of Malaysia’s success in becoming the first Asia Pacific nation to be accredited by the American Society of Crime Laboratory Directors (ASCLD).
“It’s not easy to be accredited by ASCLD. Because of this (accreditation), Interpol came to seek our advice, guidance and support to develop the guidelines, which were launched in Sao Paolo, Brazil, in May 2019.
“This clearly showed that they acknowledged the contributions of our expertise in developing the digital forensic guidelines,” Amirudin added.
Translated by Rema Nambiar