Cyber ASEAN conducts final country consultation in Malaysia

After implementing multistakeholder consultations in the Philippines, Viet Nam, and Indonesia, Cyber ASEAN held its final closed-door in-person event in Kuala Lumpur, Malaysia last September 5, 2023. Esteemed participants in the high-level workshop included representatives from Malaysia’s National Cyber Security Agency, Ministry of Foreign Affairs, Malaysia’s Armed Forces, Axiata Group Berhad, Microsoft Malaysia, CyberSecurity Malaysia, Sunway University, and IO Foundation.

His Excellency, Simon Fellows, Acting Australian High Commissioner to Malaysia, welcomed speakers and participants, noting Malaysia and Australia’s successful collaboration in cybersecurity, particularly in ASEAN. Mr. Fellows emphasized that the Cyber ASEAN project is a testament to Australia’s commitment to enhancing cybersecurity in Malaysia, and Southeast Asia.

Echoing Mr. Fellow’s remarks, Amir Hamzah Mohd Nasir from the Multilateral Division of Malaysia’s Ministry of Foreign Affairs discussed how Malaysia and Australia's collaborative efforts led to establishing the Points-of-Contact Directory at the ASEAN Regional Forum. The confidence-building measure enables ASEAN Member States and their dialogue partners, including Australia, to improve coordination in managing cybersecurity risks and vulnerabilities, and avoid any misinterpretation or escalation due to the borderless, and highly opaque nature of cyber incidents.

After the opening ceremony, Pacific Forum’s Director of Cybersecurity and Critical Technologies Mr. Mark Bryan Manantan, and Cyber ASEAN Malaysia expert Farlina Said co-chaired the four plenary sessions of the closed-door workshops. Like the previous country consultations held in Manila, Hanoi, and Jakarta, the Kuala Lumpur workshop assessed Malaysia’s understanding of and approach to international collaboration, international technical standards, information-sharing and incident response, and inclusion. 

During the workshop’s overview, speakers and participants underscored that cybersecurity is not just a policy or technical issue but also geopolitical. ASEAN member states are increasingly exposed to cyber incidents that may cripple the daily operations of critical national infrastructure. The current pace and tempo of cyber incidents must persuade ASEAN to enact more collective and coherent responses fit for the changing security environment. 

Representatives from the private sector shared that most Malaysian companies and businesses “adopt then customize” their approach to cybersecurity standards and frameworks. While large multinational companies have adequate resources to acquire ISO 27001 certification, smaller or medium-sized entities often use the NIST cybersecurity framework as their reference point. In most cases, most organizations in Malaysia follow the hybrid track of integrating elements present in ISO/IEC standards and the NIST framework in drafting cybersecurity operational guidelines. 

Although the information-sharing arrangements between public and private sectors in Malaysia are operational, more transparency is needed. Industry representatives highlighted the need for increased incentives that can facilitate or improve existing information-sharing partnerships. Relatedly, several stakeholders raised the need to shift from incident management to threat response. Adopting a threat response mindset will bring more advantages because it puts relevant stakeholders in a more proactive rather than reactive stance against cyber incidents, thus, minimizing potential damage to critical national infrastructure. 

Discussions on inclusion emphasized that quantity is a poor indicator of narrowing the gender inequity in cybersecurity capacity. Malaysian experts discussed the imperative of mainstreaming inclusion as a guiding principle in various interventions like data-sharing arrangements and transforming learning environments. Showcasing successful outcomes from such interventions can improve the integration of inclusion throughout the cyber policy-making process, from inception to implementation.

Held with support from DFAT’s Cyber and Critical Technology Cooperation Partnership, Cyber ASEAN is a capacity-building and development initiative seeking to advance Southeast Asia’s proactive role in strengthening its overall cybersecurity and resiliency posture. Learn more about Cyber ASEAN and key updates of the project through: https://cyberasean.pacforum.org/.