In December 2018, the Communications and Multimedia Minister was quoted to have said that a national cyber security policy will be introduced in the 1st quarter of 2019. The policy is aimed at curbing cyber attacks from within and outside the country and include protection of personal information of internet users and is also aimed to support the growth of the local cybersecurity industry.
Earlier, in Oct 2018, the Minister was quoted to have said that the government will be amending the Personal Data Protection Act (PDPA) and it could be modeled after the General Data Protection Regulation (GDPR) introduced by the EU in July 2018. Then in Feb 2019, the Minister was quoted to have said that the government will be rolling out the Digital Economy Policy by the 3rd quarter of 2019.
Insofar as those who are in the cybersecurity industry are aware, there is already an existing National Cybersecurity Policy which was set out in the portal - cnii.cybersecurity.my. In this portal, it clearly states that the National Cyber Security Policy seeks to address the risks to the Critical National Information Infrastructure (CNII) which comprises the networked information systems of ten critical sectors. The CNII Portal is a portal in which the members of critical infrastructure work together by sharing information on security issues which affect critical infrastructure.
Is the National Cybersecurity Policy mentioned by the Minister in Dec 2018 a new policy or is it an update / revision of the existing National Cybersecurity Policy set out in the portal cnii.cybersecurity.my?
Be that as it may, we do hope the authorities in preparing the National Cybersecurity Policy, take cognizant the views of the public and all interested stakeholders before finalising it. As for ourselves, with regard to the National Cybersecurity Policy and also the PDPA and the Digital Economy policy, our views were set forth in these 9 articles posted on this website:-
Biometric based data - a Form of Personal Data - 4 January 2019
Updating the Personal Data Protection Act - 5 January 2019
Safeguarding from cyber threats taking a backseat to National Security? - 16 January 2019
Cybersecurity law - What do we understand about this term (Part 1 & 2) - 4 and 8 Feb 2019 respectively
Any recourse for individuals subsequent to a data breach - 13 Feb 2019
Our neighbours, Thailand introduced their Cybersecurity Act on 28 Feb 2019 while Vietnam introduced their Cybersecurity Law, which took effect on January 1, 2019. Is there any likelihood that our proposed National Cybersecurity Policy would 'mirror' those of of our neighbours?
Any policy introduced will always be a double edged sword - it could always bring as many problems as to solving it. Are we prepared enough for it?