A National Cybersecurity Policy in the making?

In December 2018, the Communications and Multimedia Minister was quoted to have said that a national cyber security policy will be introduced in the 1st quarter of 2019. The policy is aimed at curbing cyber attacks from within and outside the country and include protection of personal information of internet users and is also aimed to support the growth of the local cybersecurity industry.

Earlier, in Oct 2018, the Minister was quoted to have said that the government will be amending the Personal Data Protection Act (PDPA) and it could be modeled after the General Data Protection Regulation (GDPR) introduced by the EU in July 2018. Then in Feb 2019, the Minister was quoted to have said that the government will be rolling out the Digital Economy Policy by the 3rd quarter of 2019.

Insofar as those who are in the cybersecurity industry are aware, there is already an existing National Cybersecurity Policy which was set out in the portal - cnii.cybersecurity.my. In this portal, it clearly states that the National Cyber Security Policy seeks to address the risks to the Critical National Information Infrastructure (CNII) which comprises the networked information systems of ten critical sectors. The CNII Portal is a portal in which the members of critical infrastructure work together by sharing information on security issues which affect critical infrastructure.

Is the National Cybersecurity Policy mentioned by the Minister in Dec 2018 a new policy or is it an update / revision of the existing National Cybersecurity Policy set out in the portal cnii.cybersecurity.my?

Be that as it may, we do hope the authorities in preparing the National Cybersecurity Policy, take cognizant the views of the public and all interested stakeholders before finalising it. As for ourselves, with regard to the National Cybersecurity Policy and also the PDPA and the Digital Economy policy, our views were set forth in these 9 articles posted on this website:-

1. Biometric based data - a Form of Personal Data - 4 January 2019

2. Updating the Personal Data Protection Act - 5 January 2019

3. Safeguarding from cyber threats taking a backseat to National Security? - 16 January 2019

4. Cybersecurity law - What do we understand about this term (Part 1 & 2) - 4 and 8 Feb 2019 respectively

5. Any recourse for individuals subsequent to a data breach - 13 Feb 2019

6. Our country should prioritise and assert the economic rights of our data - 14 Feb 2019

7. Addressing cybersecurity should be the core of the proposed Digital Economy policy in Malaysia - 27 Feb 2019

8. Cybersecurity Regulation compliance for the Digital Economy policy - 28 Feb 2019

9. Government should incentivise SMEs in building and maintaining cyber resiliency - 4 March 2019 

Our neighbours, Thailand introduced their Cybersecurity Act on 28 Feb 2019 while Vietnam introduced their Cybersecurity Law, which took effect on January 1, 2019. Is there any likelihood that our proposed National Cybersecurity Policy would 'mirror' those of of our neighbours? 

Any policy introduced will always be a double edged sword - it could always bring as many problems as to solving it. Are we prepared enough for it?