GLOBAL strategic competition in the tech and economic domains is giving Malaysia a once-in-a-generation opportunity. As global semiconductor giants seek alternatives to Chinese supply chains, Malaysia is emerging as a promising destination.
But to ensure that the country benefits, it is fundamental that the industry ensures that its cybersecurity standards are top-notch - especially in the face of growing cyber-enabled intellectual property (IP) theft.
The semiconductor industry isn't just any sector in Malaysia; it’s a cornerstone of the country’s electronics industry.
The numbers speak volumes: In 2022, semiconductors accounted for 65% of Malaysia’s total electrical and electronics (E&E) exports and were valued at US$67.83bil (RM386.89bil).
The government's vision for 2025 aims to further elevate this contribution, focusing on developing high-value products and support for R&D investment.
But there are questions about what’s next for the semiconductor industry amidst a global tech environment characterised by strategic competition, particularly as more nations become willing to use all instruments of national power – including cyber – to secure economic and strategic goals.
Theft of IP by nations for commercial gain – known as economic cyber espionage – is an emerging threat to both advanced and developing economies alike.
Peter Wennink, CEO of Dutch multinational corporation ASML, has already warned that the threat of IP theft is much higher today as great power competition spills over the tech domain.
With many countries working vigorously to develop their semiconductor industries, there is the potential that Malaysia, along with many other countries in South-East Asia, will become more vulnerable to cyber intrusions that aim to steal commercially valuable materials.
A report by the Australian Strategic Policy Institute has found that increasing numbers of private entities are vulnerable to state-sponsored cyber intrusions, especially in South-East Asia. While only 3.6% of globally known cases of allegedly state-sponsored cyber
operations affected South-East Asian firms in 2014, the region’s private entities constituted 15.4% of all cases in 2020.
Furthermore, a review of state-sponsored cyber-operations in South-East Asia indicates that Malaysia has been among the largest targets, with energy and telecommunication firms being the focus.
Given their high levels of innovation, Malaysian companies are natural targets of economic cyber espionage. If the government is serious about advancing Malaysia’s semiconductor industry up the value chain, several things are worth considering.
First, awareness about the threat of cyber-enabled IP theft within the semiconductor industry must be enhanced. Key government agencies like CyberSecurity Malaysia and the National Cyber Security Agency would do well in providing information about cyber threats to industry stakeholders, as well as offering practical advice and support on what to do to defend themselves against this threat.
Given that hackers look for the weakest link, companies that work closely with the semiconductor industry can themselves be targeted in an attack. And while, generally, the semiconductor industry is under pressure to meet high cybersecurity standards, other partners and vendors along their supply chain are subject to far less cybersecurity scrutiny.
Second, the government should implement an IP resilience strategy that considers cyber-enabled threats. Such a strategy should focus on assessing the exact damage of IP theft in Malaysia and how IP protection will be protected moving forward. These arrangements should be multifaceted, firstly by conducting a thorough assessment of the actual impact of IP theft within the country.
Grasping the extent and details of the damage caused, both in terms of economic impact and hindrance to innovation, is essential in the development of targeted policy responses.
In Malaysia, the current absence of a mandatory system for reporting cyber incidents hinders comprehensive data analysis and pattern recognition of cybersecurity threats. This gap poses a challenge in deriving actionable insights for the semiconductor industry.
Lastly, the government should work closely with international partners – both within Asean and major semiconductor-producing countries – in promoting the norms of responsible state behaviour in cyberspace, particularly as it relates to the norm that states shall not steal IP for commercial gain.
Working with other countries to share threat information and best practices are some ways in which the government can protect IP within the semiconductor supply chain.
XING YEE WONG and DR GATRA PRIYANDITA
Australian Strategic Policy Institute
Canberra, Australia
Already a subscriber? Log in
Get 20% OFF The Star Digital Access
Cancel anytime. Ad-free. Unlimited access with perks.
