Nacsa: Cybersecurity Bill is planned to be tabled on March 25 in Parliament

PETALING JAYA: The long-awaited Cybersecurity Bill is planned to be tabled in Parliament on Monday (March 25), according to a spokesperson from the National Cyber Security Agency (Nacsa).

According to a statement from Nacsa, the Bill will give it a legal mandate to set cybersecurity standards that must be abided to by organisations classified as National Critical Information Infrastructure (NCII), with non-compliance leaving them subject to legal action.

NCII, the new name replacing Critical National Information Infrastructure (CNII) in the Bill, includes systems that could have an impact on “national defence and security, national economic stability, national image, the government’s ability to function, public health and safety, as well as individual privacy” in the event of disruption or destruction.

Sectors categorised under NCII include the government, national defence and security, banking and finance, information and communications, energy, transportation, emergency services, water, health services, agriculture and plantations, and trade, industry and economy.

“Nacsa is committed to monitoring national cyber threat activities through NC4 (National Cyber Coordination and Command Centre), upgrading capabilities and capacities in terms of technology or expertise to ensure national sovereignty and security are upheld,” it said in a statement.

The Bill’s tabling was originally slated for the end of last year or early this year.

It also stated that “cybersecurity is a shared responsibility, and Nacsa also continuously collaborates with local and international authorities to assist in investigations, tracking, and apprehending perpetrators”.

The NC4 and Nacsa also observed an increase in cybersecurity incidents in Malaysia up to February 2024, reflecting a similar global trend.

The threat actors targeted websites, online systems, networks, and applications owned by high-profile private and government organisations in Malaysia that have vulnerabilities.

Nacsa, the government agency overseeing cybersecurity incidents in Malaysia, claimed that the NCII organisations targeted by cybercriminals proactively reported the incidents to Nacsa for coordination and monitoring.

According to the agency’s analysis, there were more attacks using infostealer malware to steal credentials. These attacks don’t require a lot of technical knowledge or understanding; instead, they take advantage of people who aren’t protecting their identities well in the IT environment.

Following a meeting on Jan 29, threat levels were raised from low to moderate to ensure organisations took proactive action to protect themselves and enhance their readiness to protect critical assets.

In the short term, Nacsa recommends the installation of device-compatible antivirus software, the changing of passwords, and enabling multi-factor authentication (MFA).