With the purpose to react towards the cyber incidents and cyber-attacks, the Malaysian government established the Malaysia Computer Emergency Response Team (MyCERT) under Malaysian Institute of Microelectronic Systems (MIMOS) Berhad in 1997. Moreover, Malaysia government set up cybersecurity center - namely National ICT security and emergency response center (NISER) on 24 Jan 1998. It was officially adopted on 10 April 2001 under the control of the Ministry of Science, Technology and Innovation (MOSTI). In 2003, Malaysia was a co-founder of the Asia Pacific Computer Emergency Response Team (APCERT) and participated in the Forum of Incident Response Security Team (FIRST). Moreover, Malaysia government participated in Global business dialogue on electronic commerce (GBDe), Regional Asia Pacific Information Security Standard Forum (RAISS) meetings and set up a collaboration with the International information systems security certification consortium (ISC2) in 2001, 2004, and 2005, in respectively [236]. Then, in March 2007, it changed its name to Cybersecurity Malaysia to ensure the safety, safeguard and development the cyber security in Malaysia [237],[236], [238], [Figure 3.7], [Table 3.6]. Then, Malaysia became the first country in Asia as the chair of the Organization of Islamic cooperation - Computer Emergency Response Team (OIC-CERT) in 2009. Moreover, Malaysia government set up some technology and innovation centers and programs between 2009 and 2013 such as cybersecurity
European (Visegrád countries) cybersecurity in applying for ASEAN countries: the case of Vietnam
Óbuda University 98 Nguyen Huu Phuoc Dai
Malaysia’s Malware research center, the security assurance lab, CyberSAFE programs in school, forensic lab in Malaysia and Asia Pacific, Malaysia TrustMark for private sector (MTPS) and Policy and Mechanism for National Cyber Crisis Management for National Security Council in order to create, maintain a safer cyberspace, and be recognized as National cyber security reference and specialist center.
European (Visegrád countries) cybersecurity in applying for ASEAN countries: the case of Vietnam
Óbuda University 99 Nguyen Huu Phuoc Dai
Figure 3.7: Malaysia cybersecurity organizations
0l/1997
Malaysia Computer Emergency Response team (MyCERT)
01/1998
iëlational ICT security and emergency response team center NISER) and adopted in 040001]
02/2003
í Co-founder of Asia Pacific Computer Emergency' Response Team (APCERT) J
K 01/2005 \
Setting up the international information systems security certifícation consortium (ISC2) for Certified Information Systems Security Professional (CISSP) and System Security Certified
\ Practıtıoner (SSCP) J
' 2007 `
NISER became cybersecurity Malaysia
f 2008 \
Coordinated the first National Cyber Crisis Exercise (Cyber Drill)
Obtained full certification in information security management system (ISMS), ISOJˇ [EC
\ 27001 J
Í 2009
1
\The first country to chair the Organization of Islamic cooperation- computer emergency response team (OIC-CERT)
Identified cybersecurity Malaysia as an agency to give cybersecurity services Launched Malaysia°s Cybeı'999 Help center of the public.
k Established cybersecurity Ma1aysia“s malware research center /
2010
Launched CyberSAFE program i.n school
Identified Cybersecurity Malaysia as the certifier and evaluator of Malaysia Trustmask
Established the information security management system audit and certification scheme (CSM27001) for supporting national cyber security' policy (NCSP)
First coımtry to develop certification body (CB) The chajr of OIC-CERT for second term (2012-2013)
2012
Elected Malaysia as the OIC-CERT Secretariat for 2013-2015 period
Built up the Malaysia Trustmask for private sector (MTPS)
In 5* OIC-CERT annual meeting, Malaysia was selected as the permanent sec-retariat of OIC-CERT
Set up the Policy and Mechanism for National Cyber Crisis Management for the National
Í \
\ J
1
K 2011. \
k Became member of the World Trustmask Alliance (WTA) J
f W
L J
K 2013 \
k Security' Council J
European (Visegrád countries) cybersecurity in applying for ASEAN countries: the case of Vietnam
Óbuda University 100 Nguyen Huu Phuoc Dai
Malaysia cybersecurity policy focused on eight important key factors – known as Thrust Frist-Eighth such as effective governance; legislative and regulatory framework; cybersecurity technology framework; culture of security and capacity building; research and development towards self-reliance; compliance and enforcement; cybersecurity emergency readiness; and international cooperation [239][173]. This policy intends to protect the Critical National information infrastructure (CNII) for the most essential sectors of Malaysia following by National defense and security; banking and finance; information and communication; energy;
transportation; water; health services; government; emergency services; and food and agriculture.
Table 3.6: Malaysia’s cybersecurity services [236], [240]
Cybersecurity’s services Functions Cyber Emergency Response
Team/ Cyber999, CyberDiscovery, CyberDEF
-Addressing cybersecurity issues and cyber threats for Malaysians Internet community such as identifying theft, intrusion, viruses, worms, etc.
Digital forensics (CyberCSI)
-Supporting the regulatory bodies and enforcement agencies for technical assistance with guidance forensic investigation and experts testimonials
Security assurance
-Supporting security evaluation for Malaysian ICT security product manufacturers
-Enhancement the status of Malaysian ICT security products and the competitiveness overseas
-Providing the best practices and standards for organizations and the public to learn, adapt and understand the importance of information security.
Training outreach (CyberSAFE, CyberGURU, e-security bulletin)
-Educating the Internet users on the threats on the Internet
Technical Coordination Centre
- Providing technical coordination and collaboration at national and international level during a cyber crisis such as a large-scale attack on key information infrastructure
Strategic policy research
- Enhancing research, proposing cybersecurity guideline and forming an international security framework to reduce the vulnerability of Malaysia’s ICT systems and networks
- Strengthening Malaysian cybersecurity capability.
European (Visegrád countries) cybersecurity in applying for ASEAN countries: the case of Vietnam
Óbuda University 101 Nguyen Huu Phuoc Dai
In short, the Malaysian government soon recognized the essence of information security; as a result, they created several cybersecurity centers like MyCERT, NISER and joined in some international organizations such as APCERT, FIRST, GBDe, RAISS, ISC2, OIC-CERT and the like to approach new technology in safeguarding and enhancing cybersecurity. Besides, the Malaysian government increases security awareness for their citizens by boosting education programs in school, developing the technology and innovation centers, research or lab centers, cooperation with private sectors to maintain their cyberspace in order to meet their vision (be realized as National cybersecurity reference and specialist center in global by 2020).
Weak cybersecurity capacity nations
There still exist several countries with weak cybersecurity capacity such as the Philippines, Indonesia, Thailand, Lao PDR, Cambodia, and Vietnam. These countries have suffered many years of war and heavy losses in critical infrastructure, social life, economy, and the like; as a result, they need time to reconstruct their infrastructure, military, system; develop the economy and technology. Hence, they lack experts, technology, and budgets in order to build strong cybersecurity capacity building, strategy, cyber-defense to deal with cyber-threats.