PETALING JAYA: The Cyber Security Act (Act 854), which is an overarching law to fortify the country’s security defences against cyber attacks and emerging threats, could be enforced soon.

The National Cyber Security Agency (Nacsa) is working full swing to see through its implementation.

The Act, which was passed in the Dewan Rakyat in March, received royal assent on June 18 and gazetted on June 26.

“We anticipate that by this month, once the regulations are approved and Nacsa receives the additional manpower allocation, we will be prepared to proceed,” Nacsa chief executive officer Dr Megat Zuhairy Megat Tajuddin said when asked when the Act would be enforced.

All set: The Federal Gazette of Act 854 which was passed in the Dewan Rakyat in March and gazetted on June 26.

On the measures taken so far in relation to the implementation of the Act, Megat Zuhairy said four regulations have been drafted and submitted to the drafting division of the Attorney General’s Chambers (AGC).

The four are the Cyber Security (Compounding of Offences) Regulations 2024, Cyber Security (Notification on Cyber Security Incident) Regulations 2024, Cyber Security (Risk Assessment and Audit) Regulations 2024 and Cyber Security (Licensing of Cyber Security Service Provider) Regulations 2024.

Out of the four, three have been approved by the AGC while one is currently awaiting approval.

“The next step is to gazette when Act 854 will be enforced after the four cybersecurity regulations have been vetted and approved by the Drafting Division of the AGC,” he said when contacted.

The government, he said, has agreed to strengthen Nacsa with sufficient resources in terms of personnel and budget to ensure the effective implementation of Act 854.

Apart from that, the preliminary directives and guidelines are being refined.

“The National Coordination and Command Centre (NC4) team has been set up and started operation long before the Act was passed,” he said.

The Act, among others, addresses the management of cybersecurity threats and incidents related to National Critical Information Infrastructure (NCII) sectors.

This refers to computer or computer systems operated by entities in 11 sectors – whose disruption or destruction can impact national defence and security, economic stability, national image, the government’s ability to function, public health and safety as well as individual privacy.

It also provides for the regulatory framework comprising the measures, standards and processes that NCII sectors will have to comply with.

The 11 NCII sectors are government, national defence and security, banking and finance, information and communications, energy, transportation, emergency services, water, health services, agriculture and plantation, as well as trade, industry and economy.

He said the code of practice for cybersecurity will be drafted by NCII sector leads once the regulations are passed and the new list of NCII is confirmed.

“The Cyber Security Act 2024 is a pivotal step to fortify Malaysia’s cybersecurity framework, but it is merely the foundation upon which we are building a more robust and resilient cybersecurity ecosystem,” he told The Star.

“The enforcement of the Act will empower Nacsa with legislative power to perform its function as the National Cyber Security Lead agency.

“Currently and beyond, Nacsa is actively engaged in a multitude of strategic initiatives.

“This includes the enhancement of NC4 to detect and respond to cyber threats with greater efficiency and effectiveness.

“We are also focusing on developing the cybersecurity talent pool through comprehensive training and education programmes,” he said.

Nacsa aims to create a sustainable pipeline of cybersecurity experts who will contribute to national cybersecurity resilience through partnership with academic institutions and industry leaders.

Recognising the critical role of the private sector in national cybersecurity, Nacsa is fostering deeper collaborations with industry stakeholders.

“We are working on several public-private partnership programmes to enhance information sharing, promote best practices and develop innovative cybersecurity solutions. These collaborations are vital in creating a unified front against cyber adversaries,” he added.

The Act also provides for the establishment of the National Cyber Security Committee which is chaired by the Prime Minister and includes six ministers, the chief secretary to the government; chief of Defence Force; Inspector-General of Police; director-general of National Security; and two other persons with experience in cybersecurity appointed by the committee.

It also outlines the duties and powers of the Nacsa CEO, appointment of NCII sector leads, the designation of national critical information infrastructure entities and the licensing of cybersecurity service providers.

https://www.thestar.com.my/news/nation/2024/08/11/cyber-security-act-set-to-be-enforced-soon