Sabah wants to have own legislation on cybersecurity
KOTA KINABALU (Aug 14): The Science, Technology and Innovation Ministry (KSTI) wants Sabah to have its own legislation on cybersecurity. Its minister, Datuk Arifin Arif, said that presently the State is using Federal legislations for cybersecurity.
“I will ask the Permanent Secretary (KSTI) to bring this issue to the Computer Services Department director to study the possibility for the State to have her own legislation on cyber security,” he said to the media at the launch of BIMP-EAGA Cyber Security Summit 2024 held at the Sabah International Convention Centre (SICC) on Wednesday.
He said the KSTI’s Permanent Secretary will also discuss the matter with the Sabah Attorney General.
“Presently, it is being discussed at the computer department and will be discussed with the ministry. God willing, we will present it after it is refined by the State Attorney General’s office,” he said.
Earlier, Arifin said the State Government views cyber security matters seriously as it has the capacity to influence the services rendered by the government.
In his speech at the event, Arifin commended the participation of digital leaders from Sabah as well as from the BIMP-EAGA region.
“This conference will surely provide us with the opportunity to create meaningful professional relationships, what more with cybersecurity experts, most of whom hail from outside Sabah,” he said.
He also said that the event sought to enhance the security level of government service delivery to the public.
“We need to stay updated and continually look into the latest concepts and innovations in cybersecurity and apply them appropriately,” he said.
Arifin reminded the reality of the cybersecurity landscape and cited leading cyber security company, Crowdstrike, and its anti-malware software “Falcon” which is widely used in enterprise environments worldwide, including 298 Fortune 500 companies.
“On 19th July 2024, Crowdstrike, by their own admission, inadvertently deployed a problematic Falcon software update into the Windows environment. As a result, the operations of 8.5 million devices globally were disrupted, requiring several weeks to fully recover,” he said.
Arifin added that Malaysia was also not spared and on July 24, the Malaysian Digital Minister announced that 14 Malaysian organisations experienced operational disruptions, including five government bodies: the Ministry of Transport, the Ministry of Education, the Ministry of Rural and Regional Development, the National Institute of Health, and the Kedah Zakat Board; while nine other affected organizations are in the private sector.
And on December 2, 2023, there was a serious data breach carried out by an organised cyber criminal group at the Social Security Organisation (SOCSO), said Arifin.
He added that the incident caused operational disruptions as well as posed a physical security threat, necessitating the relocation of the entire families of key officials in the organisation to safe houses until the situation was brought under control.
In the context of Sabah, there was a leak of classified state government documents from several computers and email accounts which was reported in the mainstream media on December 23, 2023, said Arifin.
He also said that a Sabah resident was also reported to have been arrested in November 2023. The individual is alleged to have been leading a global cyber crime network specialising in phishing activities generating millions of ringgit in profits, said Arifin.
-Agency