CYBERJAYA, July 3 — As Malaysia pursues a digital future, new guidelines on information and network security for the communications and multimedia industry are in the works to safeguard internet users.
The guidelines, to be developed by the Malaysian Communications and Multimedia Commission (MCMC) and other stakeholders, would enhance cybersecurity standards, prioritise public safety, and highlight the need for minimum auditable cybersecurity standards focused on protecting the public.
MCMC member Derek John Fernandez said current guidelines are not “fully effective”, and new ones will benefit telecommunications service providers, data centres, and, most importantly, the public.
“The current standard uses the term ‘best effort’, so we must define what that means. It involves organising your organisation, assessing threats, protecting your customers, and ensuring they are not at risk of scams,” he told Bernama yesterday.
Fernandez said digitalisation has empowered cybercriminals, underscoring the need to protect the most vulnerable.
“We must protect our rakyat, the service users, and phone subscribers. Service providers often consider their technology, hardware, and software as assets but overlook the importance of their customers,” he added.
Referring to Section 263 of the Communications and Multimedia Act 1998, Fernandez noted that licensees have a duty to prevent their networks or services from being used in connection with criminal activities.
“The Act mandates minimum levels of security. Under Section 263, all licensees must ensure their networks are not used for criminal or attempted criminal activities like ransomware or scams,” he said.
On Tuesday, Fernandez attended a briefing on the draft guidelines, which included about 40 cybersecurity services companies, accounting and risk management firms.
He described the initial briefing as promising, and said more engagements are planned with stakeholders such as the Home Affairs Ministry and Digital Ministry, the Royal Malaysian Police, and National Cyber Security Agency.
“We will also discuss with telecommunications service providers and data centres to set minimum standards. Initially, these will serve as best practices and guidelines, but they may eventually become mandatory standards,” he said.
The guidelines also aim to ensure service providers effectively address cybersecurity threats, including scams, fraud, ransomware offences, child sexual abuse material, and any other breaches of Malaysian law.
Several companies who attended the briefing commended MCMC for undertaking the initiative.
— Bernama
