As part of the Sarawak Digital Economy Strategy on cyber security, among the strategic actions includes protecting the State’s Critical Information Infrastructure (CII).
Under this strategic action, it noted that an advanced Security Operation Centre (SOC) is vital to protect Sarawak from and manage cyber-attack by a team of highly skilled cyber-security analyst.
SOC can be defined as a facility that houses an information security team to detect, analyse, and respond to cybersecurity incidents using a combination of technology solutions and a strong set of processes.
On the national level, the Ministry of Communication and Multimedia Malaysia defines the Critical National Information Infrastructure (CNII) as those assets (real and virtual), systems and functions that are vital to the nations.
Their incapacity or destruction would have a devastating impact on:
- National economic strength – Confidence that the nation’s key growth area can successfully compete in global market while maintaining favourable standards of living.
- National image – Projection of national image towards enhancing stature and sphere of influence.
- National defence and security – guarantee sovereignty and independence whilst maintaining internal security.
- Government capability to functions – maintain order to perform and deliver minimum essential public services.
- Public health and safety – delivering and managing optimal health care to the citizen.
(Source: Ministry of Communication and Multimedia Malaysia website)
The CNII sectors comprises of:
- National Defence & Security
- Banking & Finance
- Information & Communications
- Energy
- Transportation
- Water
- Health Services
- Government
- Emergency Services
- Food & Agriculture
(Source: Ministry of Communication and Multimedia Malaysia website)
Protecting the Sarawak CII is important as it may affects various sectors and industries.
Without protection, sectors such energy, agriculture, logistics and transportation, public and welfare services, telecommunication, water treatment, eCommerce and many more are vulnerable to attacks.
The State’s CII hold the data or information that is vital to ensure the various industries and sectors in Sarawak to operate smoothly.
These days, threats such as cyber-attacks, pandemics, technical failures, attacks of terrorism, as well from extreme weather poses great danger to the critical information infrastructure.
Around the globe, news reports have been reporting of cyber attacks causing major incidents affecting the wellbeing of the people.
For examples, the WannaCry Ransomware attack in 2017 had forced 16 hospitals across United Kingdom to shut down as the attack has freeze systems and encrypted files.
Also, in the same year, a power cut hit Ukraine’s capital Kiev for over an hour just before midnight, amounting to a loss of about one-fifth of Kiev’s power consumption then of night.
Therefore, to protect the CII, countries around the globe has practice several measures to curb against any cyber-attacks.
For instance, the government or organisations can carry out an analysis of their IT systems to detect any vulnerabilities or weak points. That way, more focus given to these weak points or be isolated from the rest of the system if needed.
Another way to protect CII is to outline all possible attack scenarios and reinforcing the points of resistance of each of them even if it is just to slow down the attacker.
Besides this, if when a company or organisation come under a cyber-attack, there should be a clear definitive regulations or measures in handling such incident.
For instance, in France, companies have to share all relevant data and details should they come under a cyber-attack, and they have to actively develop cybersecurity awareness among their employees.
Another way that other countries protect their CII is by working through international channels. For example, Finland believes that international collaboration to tackle threats to both social cohesion and critical infrastructure.
In the age of Internet of Things (IoT), the increasingly connected world can pose danger to CII and therefore it is crucial for the State to be constantly aware of the protective measures and alternative steps in defending its CII against any cyber threats.
