Reinforcing cybersecurity


PETALING JAYA: Within six hours of discovering a cybersecurity incident, or even a potential threat, an authorised person under a newly enforced law will have to make an initial report to the National Cyber Coordination and Command Centre System (NC4).

The six-hour rule applies to attacks on information in sectors deemed critical to the nation, including defence, finance, water, and healthcare services.

This new step follows the enforcement of the Cybersecurity Act 2024 (Act 854) that began yesterday.

Act 854 aims to enhance national cybersecurity, said the Prime Minister’s Office (PMO) in a statement.

The six-hour rule comes under the Notification of Cybersecurity Incident Regulations. It mandates an authorised person from any National Critical Information Infrastructure (NCII) entity to immediately report, via electronic means, any cybersecurity threats detected.

Within those critical six hours, the information furnished by the authorised person must include the nature of the incident and severity of the threat.

The authorised person for the NCII entity must also provide additional information within 14 days through the NC4 System -- including number of hosts affected, techniques used in the attack, and its impact.

NCII refers to computers or systems whose disruption would harm essential services or the effective functioning of federal or state governments.

The 11 NCII sectors are government; banking and finance; transportation; defence and national security; information, communication, and digital; healthcare services; water, sewerage and waste management; energy; agriculture and plantation; trade, industry, and economy; and science, technology, and innovation.

The PMO said, in accordance with subsection 1(2) of Act 854, the Prime Minister, in his capacity as the minister responsible for cybersecurity, has set yesterday as the effective date of the implementation of Act 854.

Act 854 received royal assent from the Yang di-Pertuan Agong on June 18, and was published in the federal gazette on June 26.

The Act was passed in the Dewan Rakyat in March.

The Prime Minister has also set Aug 26 as the effective date for regulations set under Act 854 as follows:

> Risk Assessment and Audit Regulations;

> Notification of Cybersecurity Incident Regulations;

> Licensing of Cybersecurity Service Provider Regulations; and

> Compounding of Offences Regulations.

The above regulations were published in the Federal Gazette on Aug 22, noted the PMO.

The PMO pointed out that Act 854 was enacted to enhance the nation’s cybersecurity by providing for the setting-up of the National Cybersecurity Committee.

It also clearly spells out the duties and powers of the chief executive of the National Cyber Security Agency (Nacsa).

Act 854 also makes clear the functions and duties of the heads of the NCII sectors and NCII entities.

Meanwhile, the Risk Assessment and Audit Regulations under Act 854 stipulate that an NCII entity must conduct a cybersecurity risk assessment at least once a year and carry out an audit at least once every two years; or at a higher frequency as may be directed by the chief executive in any specific cases.

The Licensing of Cybersecurity Service Provider Regulations will apply to individuals and companies that provide cybersecurity services related to Managed Security Operation Centre Monitoring Services and Penetration Testing Services.

The Compounding of Offences Regulations provide for the compounding of offences, namely subsections 20(6), 20(7), 22(7), 22(8), 24(4), and 32(3) in Act 854.

In countering cyberattacks, the Prime Minister is the head of a 13-member National Cybersecurity Committee.

The committee comprises the ministers in charge of the Finance, Foreign Affairs, Defence, Home Affairs, and Communications and Digital portfolios. It also comprises senior government officials such as the chief secretary to the government, the Armed Forces General, and Inspector-General of Police, among others.

Among the roles of the committee are to determine policies, approaches and strategies related to the country’s cybersecurity; advise the government on policies and strategic measures to strengthen cybersecurity; instruct the chief executive and sector leads; and monitor the enforcement of the Act.
