CYBERJAYA – As Malaysia embarks on a digital future, new guidelines on information and network security for the communications and multimedia industries are underway to safeguard internet users.
To be developed by the Malaysian Communications and Multimedia Commission (MCMC) and relevant stakeholders, the guidelines would enhance cybersecurity standards, prioritising public safety and highlighting the need for minimum auditable cybersecurity standards focused on protecting the public.
MCMC commission member Derek Fernandez said the current guidelines are not “fully effective” and the new guidelines would benefit telecommunication service providers, data centres, and most importantly, the public.
“The current standard uses the term ‘best effort’, so we must define what that means. It involves organising your organisation, assessing threats, protecting your customers, and ensuring they are not at risk from scams,” he said yesterday.
Fernandez emphasised that digitalisation has empowered cybercriminals, underscoring the need to protect the most vulnerable.
“We must protect our rakyat, the service users, and phone subscribers. Service providers often consider their technology, hardware, and software as assets but overlook the importance of their customers,” he added.
Referring to Section 263 of the Communications and Multimedia Act 1998, Fernandez noted that licensees have a duty to use their best endeavours to prevent their networks or services from being used in connection with criminal activities under Malaysian law.
“The act mandates minimum levels of security. Under Section 263, all licensees must ensure their networks are not used for criminal or attempted criminal activities like ransomware or scams,” he said.
Fernandez attended a draft guideline briefing session yesterday with approximately 40 cybersecurity service providers, as well as accounting and risk management firms.
He described the initial briefing as promising and mentioned that more engagements are planned with related stakeholders such as the Home Ministry and Digital Ministry, the Royal Malaysia Police, and the National Cyber Security Agency.
“We will also discuss with the telecommunications service providers and data centres to set minimum standards. Initially, these will serve as best practices and guidelines, but they may eventually become mandatory standards,” he said.
Additionally, the guidelines aim to ensure service providers effectively address cybersecurity threats, including scams, fraud, offences related to ransomware, child sexual abuse materials and any other breaches of Malaysian law.
Meanwhile, several companies that attended the briefing session commended MCMC for undertaking the initiative. – July 3, 2024