Abstract
Malaysian Public Sector (MPS) organizations span laterally within all ten critical sectors outlined in the National Cybersecurity Policy (NCSP). Critical Information Infrastructure Protection (CIIP) initiatives are mainly driven by the overarching NCSP and the National Cybersecurity Strategy. Down the hierarchy, CIIP initiatives become more focused at the sectoral level. However, a dedicated CIIP framework for the MPS is currently unavailable, which presents an opportunity for research in this area. This paper explores current CIIP requirements pertinent to MPS sectoral needs. The method used is comparative analysis. The resources analyzed include international organizations' requirements, key national policy documents, published official directives, circulars, guidelines and tools related to MPS CIIP. The study findings show that risk management and resilience are among the emerging themes. A total of 21 external strategic requirements and 26 available internal resources are identified. A comparison of the MPS Cybersecurity Framework (RAKKSSA) against the NIST Cybersecurity Framework is also established to highlight CIIP. For future work, five recommendations are proposed as guidelines for developing an MPS CIIP Framework.
Acknowledgements
We would like to express our utmost gratitude to the Public Service Department Malaysia for the sponsorship of this research under the Federal Training Award Scholarship.
Copyright information
© 2021 The Editor(s) (if applicable) and The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Sabtu, S.B.M., Mohamad, K.M. (2021). Critical Information Infrastructure Protection Requirement for the Malaysian Public Sector. In: Saeed, F., Al-Hadhrami, T., Mohammed, F., Mohammed, E. (eds) Advances on Smart and Soft Computing. Advances in Intelligent Systems and Computing, vol 1188. Springer, Singapore. https://doi.org/10.1007/978-981-15-6048-4_32
DOI: https://doi.org/10.1007/978-981-15-6048-4_32
Publisher Name: Springer, Singapore
Print ISBN: 978-981-15-6047-7
Online ISBN: 978-981-15-6048-4
eBook Packages: Intelligent Technologies and Robotics (R0)