Cybersecurity Malaysia: Lessons in Building CapacityMalaysian Security Leader Amiruddin Wahab on Collaboration
With countries in South Asia and the Middle East working rapidly to bring their cybersecurity infrastructures up to speed and build necessary capacity, the need for regional cooperation is keenly felt, and efforts are ongoing to build information sharing networks - an uphill task given the differing levels of maturity at a national level in the region.
One of the voices leading these efforts is that of Dr. Amiruddin Bin Abdul Wahab, the CEO of Cybersecurity Malaysia, which leads the nation's cybersecurity initiatives.
"Cyber threats are borderless issues, and we cannot work alone. We have to work with various players, whether bilaterally or multilaterally, whether private or public, even with academia," he says. "There is a need for information sharing and for enhancing collaboration in cybersecurity."
Working alone, one does not get far in this domain, he believes. He says that domestically in Malaysia, CyberSecurity Malaysia, formerly MyCERT, works in tandem with different public sectors and with the industry, in addition to academia. Efforts include building capacity, talent and strengthening the ecosystem in terms of research and development.
At the same time, Wahab believes there is a need to work with other governments in the local region and with multinational companies and national CERTs to cooperate and build cybersecurity capacity. However, one of the many challenges in effective cross-regional cooperation in cybersecurity is the differing levels of awareness and maturity from country to country, he says.
"Some countries are quite advanced and have initiatives at the national level to deal with cybersecurity issues and give overarching guidance," he says. "But at the same time there are also countries that don't even have a CERT-like organization at the national level."
To build appropriate capacity at the national level in cybersecurity, Wahab advises that it is important to start with the people at various levels, and then look at the technical capabilities. This is the right way to go about building capacity in his experience (see: Searching for Cybersecurity Leadership).
"There is a need to look at cybersecurity beyond just technological issues. A proper combination of people, process, policy and governance is needed, followed by the right technology that meets the specific requirements of each country," he says. "Technology will keep changing but, we having to tackle the weakest vulnerable point, which is the people."
Wahab was a keynote speaker at the recently held Middle East Security Conference and Awards in Dubai, where he spoke about the need for regional information sharing and collaboration, citing Malaysia's experiences (see: Inside Dubai's MESA Security Event).
In this exclusive interview with Information Security Media Group (see audio player link below image), Wahab shares his experiences and lessons from leading Malaysia's cybersecurity initiatives and insights on how similar success can be emulated in other countries in the region. He speaks about:
- The importance of cross-regional cooperation and a framework for it;
- Capacity building at a national level: challenges and answers;
- Lessons for building cybersecurity at a national level.
Wahab, with more than 20 years in ICT in telecom and IT sectors in the government, semi-government and private sectors, is chairman of World Trustmark Alliance. As under secretary of the ICT Policy Division, MOSTI Malaysia, he led ICT development programs and activities, including serving as head of the Secretariat to the National Information Technology Council Malaysia.