KUALA LUMPUR, March 14 (Bernama) — The National Cyber Security Agency (NACSA) is taking proactive measures to strengthen the country’s preparedness against cyber security threats, through the development and implementation of the National Cyber Crisis Management Plan (NCCMP).
NACSA chief executive Dr Megat Zuhairy Megat Tajuddin said that the plan was developed based on a risk management framework, which outlines strategies to mitigate the impact of cyber attacks.
“The NCCMP will identify the necessary response measures for entities under the National Critical Information Infrastructure (NCII), which includes both public and private agencies, in the event of a cyberattack.
“At the same time, through the monitoring and intelligence efforts of the National Cyber Coordination and Command Centre (NC4), we will alert the affected entities in advance, if a potential cyber threat is detected,” he told Bernama today.
Elaborating further, he explained that, for instance, if an NCII entity experiences a malicious code infection – harmful code or scripts used for cyberattacks – it must immediately report the incident to the NACSA chief executive and the NCII sector head.
He said that this aligns with Section 23(1) of the Cyber Security Act 2024 (Act 854), and the Cyber Security (Notification of Cyber Security Incident) Regulations 2024, as outlined in the NACSA Chief Executive’s Directive Number 1 on cyber security incident notification, and the NCCMP.
“At the same time, NCII entities will take the necessary steps to prevent the malware infection from spreading, ensure there is no system disruption or data leakage, and restore the system to its original state as quickly as possible.
“Depending on the severity and complexity of the incident, response measures may include isolating the infected server from the network, ensuring all security patches are up to date, and wiping all data and settings on the server before restoring information from backups,” he said.
He added that digital forensics will then be conducted to identify the perpetrator, and NACSA will collaborate with the Royal Malaysia Police (PDRM) to take appropriate action against those responsible.
Megat Zuhairy also noted that efforts to enforce Act 854, since last year, have yielded positive results. According to the Microsoft Digital Defence report, Malaysia ranked 6th among countries targeted by cyberattacks in 2023, compared with 12th in 2024.
“The NCCMP is currently being enhanced in line with the enforcement of Act 854 and the upgrade of NC4, which also serves as the Malaysia Computer Emergency Response Team (MyCERT),” he said.
Regarding the country’s readiness to combat cyber threats, Megat Zuhairy expressed confidence in the skills and capabilities of local talent, emphasising that Malaysia has a wealth of expertise, with great potential to further strengthen its cybersecurity landscape.
“Malaysia is fortunate to have local experts who are recognised by the international research community.
“For instance, a study conducted by researchers from the Advanced Cryptography and System Security Key Laboratory, of Sichuan Province in Chengdu, China, ranked research on RSA cryptosystem analysis by Universiti Putra Malaysia (UPM) third in the world. Additionally, Malaysia’s overall ranking in this research field stands at seventh globally,” he said.
He added that the National Cyber Security Committee (JKSN) had previously approved the establishment of the Malaysian Cryptology Technology and Management Centre (PTPKM), further demonstrating that the country’s cyber security efforts go beyond application and technology security, placing strong emphasis on the fundamental aspect of cyber security – cryptography.
“With the rapid advancement of technology, it is crucial for Malaysia to develop expertise in cyber security, particularly in preparing for the challenges posed by quantum computing, which necessitates the adoption of post-quantum cryptography (PQC) systems.
“In addition to UPM, experts from Universiti Sains Malaysia (USM), Universiti Teknikal Malaysia Melaka (UTeM), Universiti Teknologi MARA (UiTM), Universiti Malaysia Sabah (UMS) and CyberSecurity Malaysia will be stationed at PTPKM,” he said.
The media previously reported that Prime Minister Datuk Seri Anwar Ibrahim, during the first JKSN meeting this year, in Putrajaya, urged cyber security experts to work with the authorities in strengthening the country’s resilience by leveraging local expertise, following the growing digital threats in Malaysia.
– BERNAMA