New Malaysian cyber security Bill and PDPA review in the pipeline

• New cyber security Bill in development by NACSA, to be tabled early 2024 
• Dept of Personal Data Protection to be strengthened as a statutory authority

Malaysia will continue to strengthen regulatory frameworks, including the drafting of a new cyber security Bill, while monitoring emerging technologies such as the Internet of Things (IoT), artificial intelligence (AI), and advanced cloud computing in its efforts to secure the nation. 

"In order to tackle cyber threats, Malaysia must continually review laws and regulations," said Minister of Communications and Digital, Fahmi Fadzil, at the opening of Cyber Digital Services, Defence & Security Asia (CyberDSA) 2023 held in Kuala Lumpur yesterday. "These technologies offer immense opportunities but also come with significant risks".

He also noted the advent of next-generation technologies has given rise to a surge in cyber attack surfaces, morphing the threat landscape into a cyberspace battlefield. In recognition of the urgency of this situation Fahmi emphasized the need for collective action, collaboration and worldwide coordination across governments, businesses, academia, and civil society to counter these threats. 

"With the knowledge and resources in this room, we can secure the world's digital future," he said. "Agencies such as MDEC, MyNIC and MyCV (Malaysian Cryptography Validation) will strengthen the country’s digital economy ecosystem, transforming it into the Golden Digital Decade."

New cyber security Bill by early next year

In his speech, Fahmi highlighted the government's commitment to creating a robust cybersecurity infrastructure through the drafting of a cyber security Bill. Spearheaded by the National Cyber Security Agency (NACSA) under the National Security Council, the Bill brings together efforts from various government agencies and industry players to fortify Malaysia's resilience and response to cyber threats. 

Describing the Bill as a critical step towards reinforcing Malaysia's digital resilience, it is set to be presented in parliament towards the end of this year or early next year, and Fahmi says, "It will reflect our commitment to resilience and innovation in response to adversity, establishing a legal structure that adapts swiftly to evolving cyber threats alongside promoting proactive governance for addressing emerging threats, enabling effective response, and driving continuous improvement."

In addition, a review and strengthening of existing policies such as the Personal Data Protection Act (PDPA) 2010 will also take place. The Department of Personal Data Protection (JPDP) is expected to emerge as a statutory authority leading personal data protection in industry and commercial transactions following the revision. 

Looking forward, a commitment to develop quantum-safe cryptography solutions is also on Malaysia's cybersecurity agenda. In a bid to ensure the confidentiality, integrity, authenticity, and non-repudiation of digital information, the Ministry is collaborating with NACSA and other stakeholders to steer the nation's cryptography policy in congruence with the changing digital landscape.

Closing the skills gap in cybersecurity

In tackling the challenge of the skills gap in the cybersecurity workforce, the Malaysian government is finding innovative ways to nurture and harness talent. ISC Squared's (ISC²) Cybersecurity Workforce Study 2022 highlights the global shortage of cybersecurity professionals, tallying to around 3.4 million people worldwide. 

"There is an acute shortage of cybersecurity professionals who are not only sufficiently equipped with the right technical skills but also possess creativity and deep understanding of both technology and human behaviour," he said, while noting there are only 15,248 cybersecurity knowledge workers in Malaysia. In response, the government is supporting the development of cybersecurity capacity building programmes, including the Global Accreditation Cybersecurity Education Certification Scheme (Global ACE), CyberGuru, and the Cyber Range Consortium by CyberSecurity Malaysia. 

Meanwhile, the government will continue to raise cybersecurity awareness through campaigns, workshops and community outreach efforts from the Malaysian Communications and Multimedia Commission, CyberSecurity Malaysia, Communications and Multimedia Content Forum.