How do you use technology/policy to improve citizens’ lives? Tell us about your role or organisation.
CyberSecurity Malaysia plays a sentimental role in shaping the cybersecurity landscape of the country, having been the reference centre of cyber security for more than two decades. Our technical expertise and security programmes in various sectors are crucial to ensure that technologies deployed in organisations provide a secure cyber and computing environment.
This is particularly important as the country is gearing up to become a regional leader on digital economy where the cybersecurity ecosystem is a safe place for the citizens.
As the head of the Cyber Security Proactive Services Division, as the name implies, my role is to assure trust and confidence in the cyber security ecosystem through security efforts to prevent cyber security breaches and minimise impacts should they occur. Instead of the popular term ‘technology as an enabler’, we wish to shift this perception to ‘cyber security as an enabler for a secure and trusted cyber ecosystem’.
We know very well that technologies are designed for efficiency and convenience purposes; but security is frequently an afterthought. This situation is ongoing which prompts us to find solutions to deal with these security threats and assure its security readiness.
With Industry 4.0, smart cities, IoT, and 5G upcoming in today’s era, there is no doubt that individuals and entities are heavily dependent on technologies. The government and private sectors use technologies to create value in their services whilst offering convenience and satisfaction to customers.
Our role is to ensure the citizens are safe and confident in using digital and online services, while these organisations deliver efficient services. For that, we developed several guidelines to assist industries, particularly vendors, to secure their products with security benefits that cascade down to citizens. These guidelines are available on our website.
Apart from playing a proactive role, CyberSecurity Malaysia also works closely with the enforcement agencies and regulatory bodies to respond to security attacks and breaches. We hope that our efforts and contributions with policy makers and awareness programmes nationwide will encourage the nation to shift towards a more trusted and secure digital platform.
What was the most impactful project you worked on this year?
Since privacy is now a global concern, our main focus today is to ensure the nation understands the importance of privacy according to domains. Thus, we developed frameworks with different approaches on evaluation and assessment components, and methodology with certification, to secure privacy involving process, technology and people.
These incorporate existing data protection regulations as well as global privacy requirements. For process, managing privacy in organisations in a structured and systematic manner allows liabilities to be mitigated.
The extension of ISO/IEC 27001 ISMS to Privacy Management system ISO/IEC 27701 requires the management of privacy risks. Something that is important to understand in privacy is the jurisdictional risks related to cross-border matters involving personally identifiable information in the event of disputes. It looks simple but is complex when it involves data hosted on the cloud!
As for technology, we are concerned about products that breach privacy. Adopting privacy evaluation criteria based on Common Criteria part two of our framework provides a good understanding of creating methodologies for evaluation to ensure data privacy on products is protected.
Privacy is frequently associated with avoidance of physical space invasion. But in the digital world, privacy is protected when the aspects of anonymisation, pseudonymisation, unlinkability, and unobservability are assessed.
It is a complex situation to ensure there are the right people who understand and are able to manage privacy in organisations as well as third parties in the ecosystem. It is critical to adapt the knowledge, skills and abilities related to privacy in ensuring it is prudently managed and protected.
I strongly feel that a holistic understanding of privacy offers citizens comfort and confidence to progress towards the digital economy.
What is one unexpected learning from 2021?
The fact that technology played an important role during the Movement Control Order period in getting things done is undeniable. I learned about the e-signature, which has become a critical component in executing documents during this period.
Documents can be approved online either via email indicating one’s approval or by signing on the document electronically. But this raised doubts on its reliability and whether the content of the documents remain intact after being signed.
Coincidentally, my daughter was pursuing her master’s degree in commercial law, and the project she had to work on is about e-signature related laws in Malaysia. She referred to me in deliberating the security and reliability concerns on that matter. Our discussions led to a deep dive and exchange of knowledge in the multi-disciplinary domains of cyber security and legal.
Jurisdictional comparisons were made on where there may be room for improvement on related regulations in Malaysia. I found her findings interesting, and they can be considered by relevant regulatory bodies to ensure its usage with full trust and confidence.
What’s your favourite memory from the past year?
Malaysia experienced the unprecedented Movement Control Order period at the end of the first quarter last year. We had to change our way of work and lifestyle. Yet, we managed to deliver on our key performance indicators smoothly.
Throughout that period, travelling, even for work was restricted, not to mention visiting family members. However, I had the golden opportunity to meet my mum on my way back from attending a workshop in one of the states when the inter-state travelling ban was lifted.
I am glad I had that opportunity to celebrate my birthday with her, without realising that was my last quality time spent with her as she passed early this year. That will always be my favourite memory ever.
What’s a tool or technique you’re excited to explore in 2022?
Since one of my projects is related to privacy technologies, de-identification tools and techniques are of great interest for me to explore. All tools provide functions to meet their expected objectives. Still, I would like to learn its background as well as the algorithms.
What are your priorities for 2022?
2022 will be another critical year with set and defined deliverables for us to achieve. Similar to previous years, unexpected tasks and deliverables involving national initiatives are still within our radar. Despite the economic and social challenges, optimising resources is another challenge to deliver optimal services.
Thus, my priority is to create a pleasant and fulfilling working environment with my team, by contributing as much knowledge as I can. I always believe a positive work environment establishes good aura among my team members, allowing us to deliver exceptional service to the nation.
Who are the mentors and heroes that inspire you?
Certainly, my late parents are my mentors and heroes! They never had the opportunity to pursue education like I did, but they ensured that I obtained a good education. They worked hard to earn, so they can provide our siblings with the best education. The most important contribution to who I am now is their endless prayers and encouragement.
What gets you up in the morning?
My passion is to contribute towards the cyber security ecosystem by putting Malaysia on par with advanced states, to create a better Malaysia for the nation.