CYBERJAYA: As Malaysia embarks on a digital future, new guidelines on information and network security for the communications and multimedia industry are being drawn up to safeguard internet users.

To be developed by the Malaysian Communications and Multimedia Commission (MCMC) and relevant stakeholders, the guidelines would enhance cybersecurity standards, prioritising public safety, and highlighting the need for minimum auditable cybersecurity standards focused on protecting the public.

MCMC commission member Derek John Fernandez said the current guidelines are not "fully effective" and the new guidelines would benefit telecommunications service providers, data centres, and most importantly, the public.

"The current standard uses the term ‘best effort’, so we must define what that means. It involves organising your organisation, assessing threats, protecting your customers, and ensuring they are not at risk from scams,” he told Bernama on Tuesday (July 2).

Fernandez emphasised that digitalisation has empowered cybercriminals, underscoring the need to protect the most vulnerable.

"We must protect our rakyat, the service users, and phone subscribers. Service providers often consider their technology, hardware, and software as assets but overlook the importance of their customers,” he added.

Referring to the Section 263 of the Communications and Multimedia Act 1998, Fernandez noted that licensees have a duty to use their best endeavours to prevent their networks or services from being used in connection with criminal activities under Malaysian law.

"The Act mandates minimum levels of security. Under Section 263, all licensees must ensure their networks are not used for criminal or attempted criminal activities like ransomware or scams,” he said.

On Tuesday, Fernandez attended a briefing session on the draft guideline, which included about 40 cybersecurity services companies, accounting and risk management firms.

He described the initial briefing as promising and mentioned that more engagements are planned with related stakeholders such as the Home Ministry and Digital Ministry, the Royal Malaysia Police, and National Cyber Security Agency (NACSA).

"We will also discuss with the telecommunications service providers and data centres to set minimum standards. Initially, these will serve as best practices and guidelines, but they may eventually become mandatory standards,” he said.

Additionally, the guidelines aim to ensure service providers effectively address cybersecurity threats including scams, fraud, offences related to ransomware, child sexual abuse materials and any other breaches of Malaysian law.

Meanwhile, several companies who attended the briefing session commended MCMC for undertaking the initiative. - Bernama

https://www.thestar.com.my/news/nation/2024/07/03/mcmc-to-develop-guidelines-on-information-network-security