CDNetworks: An Analysis of the Proposed Cyber Security Bill 2024

The recent passage of Malaysia’s Cyber Security Bill 2024 on 3 April has ushered in a new era of cyber vigilance for the nation. CDNetworks, the APAC-leading network to deliver edge as a service, welcomes this pivotal legislation as a crucial stride towards enhancing Malaysia’s cyber resilience. Aligning with our mission to safeguard digital ecosystems, we laud the bill’s proactive approach to fortifying the nation’s critical information infrastructure against ever-evolving cyber threats.

The bill introduces a robust governance framework spearheaded by the National Cyber Security Committee, chaired by the Prime Minister himself. This high-level oversight underscores the nation’s commitment to orchestrating a coordinated cyber defence strategy. Additionally, the designation of lead agencies for each critical sector ensures focused efforts in bolstering the cyber readiness of key entities across banking, energy, transportation, healthcare, and beyond.

Moreover, a key provision of the legislation is that organisations designated as operating critical information infrastructure will be required to comply with certain minimum cyber security standards and risk management principles. Enacting regular risk assessments, security check-ups, incident reporting, and operating certified security controls will substantially strengthen Malaysia’s cyber defences against the threats posed by advanced cyber adversaries.

Another positive aspect of the bill is the introduction of a licensing framework for cybersecurity service providers. This is expected to enhance accountability and attract talent to the sector. “As the passage of the Cyber Security Bill 2024 marks a significant milestone, we at CDNetworks believe that continuous enhancement will be key to attaining holistic cyber resilience,” said Yien Wu, Head of Sales, SSEA at CDNetworks. “For example, at CDNetworks, we have a strategically placed office and a global support centre based in Malaysia to bolster local talent and support our operations. As trusted partners in cloud security, we stand ready to support Malaysian businesses in navigating this evolving landscape and share our global insights to strengthen the nation’s cyber defences.”

The bill’s focus on National Critical Information Infrastructure (NCII) security also creates a significant market opportunity for cloud providers offering robust security solutions. Cloud providers like CDNetworks can emphasise their ability to safeguard sensitive data and meet NCII compliance requirements, thereby assisting organisations in their journey towards compliance and enhanced security.

Drawing from our extensive experience in safeguarding cloud infrastructures worldwide, we propose several areas for consideration:

1. Broadening the scope: The bill must be extended to cover all sectors that treat sensitive data where the attention is currently focused despite the fact that it is important. For example, the element should cover e-commerce, telecommunications, and media businesses other than critical infrastructures.

2. Enhancing cloud security: Guidelines and compulsory actions to be taken by cloud providers on various components such as safety of data & information, business recovery, and cloud setting with enforcement would need to be developed.

3. Promoting cyber security by design: Organisations need to promote the importance of integrating protection from the design phase of enterprise technology environments.

4. Addressing the cyber skills gap: Implementing initiatives to cultivate a larger pool of trained cyber security professionals through skills development programs, hands-on training platforms, and research incentives.

5. Fostering public-private collaboration: Establishing structured partnership frameworks for intelligence sharing and coordinated response between government agencies, security vendors, and enterprises.

6. Cross-border enforcement: Aligning Malaysia’s cyber regulations with global standards and best practices to enhance cross-border deterrence against cyber threats.

Furthermore, we advocate for a proportionate licensing regime that focuses on core security services without hindering legitimate activities like security research or penetration testing. This balance will foster innovation and ensure that the licensing framework does not inadvertently stifle the growth of the cybersecurity sector. We also encourage the National Cyber Security Agency (NCSA) to issue clear guidelines on data residency requirements. Such clarity will address customer concerns, promote cloud adoption, and provide a stable regulatory environment for businesses and cloud providers alike.

We strongly push for organisations to work with trusted cloud security partners established in the field to ensure robust cyber protection. Throughout this pursuit of change and transformation in cyber security, CDNetworks will continue to work with the government, industry partners and businesses. Combining our expertise and building a robust ecosystem of cooperation, we can guide our nation to a future where progress and development in the digital space and at national levels are secured and sustained by resilient cyber protection.