REGIONAL CYBERCRIME/CYBERSECURITY ASSESSMENT CONFERENCE 1

REGIONAL CYBERCRIME/CYBERSECURITY ASSESSMENT CONFERENCE

11 – 12 NOVEMBER 2015 MANILA, PHILIPPINES

Objective The paper provides an update report on the state of cybercrime/cybersecurity in Malaysia. 1. National Cyber Security Policy (NCSP) To address the issue of protection of the Critical National Information Infrastructure (CNII), Malaysia has formulated the National Cyber Security Policy (NCSP). It defines the CNII as information infrastructure that is very important to the nation, that significant disruption or destruction would have a devastating impact on:

i) National Defence and Security; ii) National Economic Strength; iii) National Image; iv) Government Capabilities to Function; and v) Public Health & Safety.

The NCSP is divided into eight focus areas, which are being referred to as the policy thrusts. A Thrust Driver, from the ministries that have the authority in the respective thrust areas, leads the thrusts. For the National Security Council, apart from looking at the whole cyber security governance in Malaysia, The NSC is the thrust driver for Thrust 7: Cyber Security Emergency Readiness. 2. Malaysian Communications and Multimedia Commission (MCMC) The Malaysian Communications and Multimedia Commission is the regulator for the converging communications and multimedia industry. At the time it was created its key role was the regulation of the communications and multimedia industry based on the powers provided for in the Malaysian Communications and Multimedia Commission Act (1998) and the Communications and Multimedia Act (1998). Pursuant to these Acts the role of the Malaysian Communications and Multimedia Commission is to implement and promote the Government's national policy objectives for the communications and multimedia sector. The Malaysian

REGIONAL CYBERCRIME/CYBERSECURITY ASSESSMENT CONFERENCE 2

Communications and Multimedia Commission is also responsible in overseeing the new regulatory framework for the converging industries of telecommunications, broadcasting and on-line activities.

2.1 Network Security Centre

SKMM Network Security Center (SNSC) is a department under the Digital Security Division (DSD) and serves as the national Internet network thermometer to provide overall understanding of macro cyber threat level with the involvement and cooperation of both public and private sectors in Malaysia.

As provided for under Section 3(2) of the Communications and Multimedia Act 1998 (Act 588) is to ensure information security and network reliability and integrity within the communications and multimedia industry and to promote a high level of consumer confidence in service delivery from the industry. In meeting the objective the SNSC provides particular attention to critical communications and multimedia infrastructure

2.2 Digital Forensics Department

Digital Forensics Department (DFD) is another department under the Digital Security Division (DSD) that was established in 2012 and fully operated in 2013. DFD is responsible in conducting digital forensics analysis for cybercrime cases. The most valuable asset under DFD is the Digital Forensics Laboratory. Among the services offered by DFD are computer forensics analysis, mobile forensics analysis, data recovery and data preservation. From 2013 until 2015, DFD has received a total number of 302 requests from Enforcement & Investigation Department MCMC and other Law Enforcement Agencies in Malaysia to conduct digital forensics analysis on cases involving offences such as obscene, indecent, false, menacing or offensive contents, seditious, defamation, human and drug trafficking, terrorism, document forgery, criminal intimidation, hacking and online gambling that fall under the purview of Communications and Multimedia Act 1998 and other laws of Malaysia. In addition to conducting analysis in the digital forensics laboratory, the expertise of DFD is also required as First Responder Officer at crime scene and expert witness in Court proceedings.

REGIONAL CYBERCRIME/CYBERSECURITY ASSESSMENT CONFERENCE 3

Appendix A