THE Malaysian Bar has called the new Cyber Security Bill “opportune”, albeit with some required amendments to make it more just and meaningful in the larger fight against cyber threats.
“With a staggering 80% of nations globally having enacted legislation to combat cybercrimes, the introduction of this Bill is undoubtedly opportune,” says Bar president Mohamad Ezri Abdul Wahab, but some concerns will need to be addressed .
Among them is the amount of power given to the National Cyber Security Agency (NACSA) and other authorities to keep checks on entities that handle the country’s most critical assets or National Critical Information Infrastructure (NCII) as it says now in the new Bill.
The Bar recommends the removal of the subsection 2(2) of the Bill, saying that the federal and state governments should not be immune from prosecution.
Foong Cheng Leong, writer and lawyer specialising in privacy and data protection laws, cautions that the broad powers granted to the chief executive (CE) of the National Cyber Security Agency under the Act should be tightened to prevent abuse.
For example, section 10(1)(a) of the CSB 2024 states that the CE has the duty to advise and make recommendations to the National Cyber Security Committee on policies, strategies, and strategic measures relating to national cyber security.
“In this situation, what kind of information and documents would be relevant to the CE? The CE may, for example, claim that a telecommunication company to disclose all subscribers’ details for him to formulate policies.
“If that is the case, what would be the level of security imposed by the CE to ensure that there is no data leakage on their side?” says Foong. “The CE should, like any other entities, go through a Court process to obtain information or documents.”
Licensing of cybersecurity service providers might also become a sticking point for the industry, as Section 27 of the CSB 2024 will require any cyber security service provider to register with the Government before they can provide cyber security services.
“The definition of cyber security services will be prescribed by the Government after the law is passed. At this juncture, we do not know what are those services. Would that be as simple as installing an anti virus software and firewall for customers?” Foong adds.
In his April 3 Dewan Negara debate on the cybersecurity bill, Senator Tan Sri Low Kian Chuan had also urged to remove subsection 2(2) that immunises the federal and state governments from any offense under the same law.
Low added that any reports from cybersecurity risk evaluations or audits under subsection 22(1) which must be presented to the chief executive must also be tabled in Parliament.
Already a subscriber? Log in
Get 20% OFF The Star Digital Access
Cancel anytime. Ad-free. Unlimited access with perks.
