By Bradley Fowler, MA, MSc., MPP
Increased Cybercrime continues impacting deterrence efforts deployed by National Security strategist globally. Unlike the United States and European Commission who have developed and implemented clearly conveyed national cybersecurity public policy strategies, to gain control over the threats and vulnerabilities impacting these territories technologies. East Asia countries such as Malaysia, Thailand, and Nepal have also attempted to develop national cybersecurity public policy strategies, that render clarity on what efforts are needed to increase deterrence and improve awareness training for public and private sector. However, seemingly these national cybersecurity public policies embody weaknesses and threats that need to be evaluated thoroughly, if these policy efforts are going to be beneficial, if at all. Thus, this article shares details about the development of two East Asia countries (e.g., Malaysia and Nepal) national cybersecurity public policy strategies and convey the strengths, weaknesses, opportunities, and threats each policy engulfs. This article will also share recommendations to improve the weaknesses and threats identified in each country national cybersecurity public policy.
Malaysia’s current population is 32, 614, 842 (Worldometers.info, 2021). The current trend of cybercrimes impacting this country includes malware, spoofing, high yield investment program, e-Commerce fraud, child pornography, online gambling, and user-generated content personal journalism. Since the initial installment of cybercrime initiatives deployed in Malaysia in 1997, when the country shared its Computer Crime Act. Malaysia has taken additional steps to introduce enhanced deterrence measures that includes Malaysia’s Communications and Multimedia Act 1998, Malaysian’s Communications and Multimedia Commission Act 1998, Digital Signature Act 1997, Copyright Act 1997, Telemedicine Act 1997, Optical Disc Act 2000, and the Electronic Transactions Act 2006. Even though these policies and laws have been enacted, Malaysia cybercrime continues to soar. In fact, from 2007-2012, the number of recorded cybercrimes committed in Malaysia was 24, 314 (Majid, n.d.). Since 2012, the number of Cybercrimes committed in Malaysia has almost tripled, with online child pornography and online fraud including e-commerce fraud ranking highest.
A method of deterrence has invoked Malaysia’s government to mirror efforts deployed by the United States and European Commission, and developed the National Cybersecurity Policy, which attempts to address risks to the Critical National Information Infrastructure that encompasses the networked information systems of ten sectors: banking and finance, information and communications, energy, transportation, water, health services, government, emergency services, and food and agriculture. Malaysia’s National Cybersecurity Policy strengths include efforts to willfully collaborate with public and private sector internationally, to deter and thwart unwanted cyberattacks and cybercrime. Increased efforts to audit Malaysia’s cyberlaws to address alignment with current cybercrime trends nationally and internationally, and effectively nurturing a continued surge in educating and training Malaysians’, to take an active role in protecting the country from cybercrime.
However, there are also weaknesses in Malaysia’s National Cybersecurity Policy that should be addressed. First, there is a lack of effort deployed to enact laws that penalize cybercriminals acting offshore. This includes cyberattacks, cyberterrorism, and cyber espionage. There is also a low effort to implement effective cybersecurity technology framework specifying cyber domains (e.g., cybercrime, cyber terrorism, and information systems security). There is also an absence of accountability policy that enforces internet service providers to align their security efforts, to protect the personal data of Malaysia citizens.
However, there are many opportunities enveloped in Malaysia’s National Cybersecurity Policy that outweigh the weaknesses. First opportunity is deploying efforts to sponsor an International Cybersecurity Conference. Second is deploying efforts to enhance knowledge base of public and private sector on information system security, information security, and cybersecurity. Also, there is an opportunity to implement efforts to increase marketing cybersecurity, information security, and information systems security, nationally, via print, digital media, webinars, billboards, and television. The most apparent opportunity is entrenched in the efforts implemented to increase national interest in cybersecurity workforce, to build a pool of subject matter experts.
Even though opportunities exist in Malaysia’s National Cybersecurity Policy, threats also exist. First obvious threat is neglecting to audit government information systems for effective security components that align with government standards and regulatory. Next, there is an obvious failure to audit private sector, regarding information system security; particularly when private sector stores citizens’ personal data and/or exchanges such with third party. Last, there is a threat of failing to implement international laws and policy to enhance Malaysia’s national security.
In Nepal, where the population is 29,430,213 (Worldometer.info, 2021). cybercrimes commonly committed include e-gambling, cyberterrorism, and cyber financial crimes (Interpol, 2021). However, efforts to decrease these crimes conveyed in the Nepal National Cybersecurity Policy published in 2016, encompasses many strengths. First strength is Nepal’s understanding of their need for risk assessment, risk management, and countermeasures to minimize risk and maximize benefits. Nepal National Cybersecurity Policy also engulfs a strength of conveying a truth that most cybercrimes committed internally, derive from remote accessible locations both nationally and offshore. Nepal National Cybersecurity Policy also encompasses the strength to provide citizens updated information about cyber threats and best practices to defend against those threats, as well as align all cybersecurity policy, with international best practices. It is also noted that Nepal’s National Cybersecurity Policy shares relevance of implementing a National Computer Emergency Response team and building stronger public/private partnerships. Most important, Nepal thrives to align its cybersecurity standards and guidelines with ISO 27001.
Of course, there are weaknesses that must be addressed within this National Cybersecurity Policy. First, Nepal has rendered total control over the development of the National Cybersecurity Policy to the Nepal Telecommunication Authority, and not primarily into the hands of Nepal’s government. Nepal also lacks skilled cybersecurity experts. There is also a slow progression to select, educate, and train new cybersecurity experts. Furthermore, there is a lack of offshore prosecution of cybercrimes and cyberattacks targeted at Nepal’s government and Nepal’s private sector. Last, there is a lack of information systems security policy aligning with international guidelines and recommendations; particularly those rendered by the United States and the U.S. Department of Commerce and The National Institute of Standards and Technology NIST SP-800-53.
Luckily, the opportunities and strengths outweigh the weaknesses. For instance, Nepal can increase technology training programs, e.g., academics that effectively prepares Nepal citizens to become instrumental in deterring and combating information systems vulnerabilities and threats. Nepal also can enact laws that enhance prosecution of cybercrimes committed nationally and offshore. Nepal can also build stronger alliances with international governments and law authorities, to bridge the gap of communication and exchange of cybercrime incident reporting. Most importantly, Nepal can align the NCSWG (National Cybersecurity Strategy Working Group) minimum requirements and qualifications for information security professionals, who will serve as basis for the development of a related curriculum.
Unfortunately, there are several threats that Nepal needs to address in their National Cybersecurity Policy. First, the NPCERT neglects to stay current in cyberattacks and cybersecurity trends internationally, which could reduce the ability to prepare for potential attacks targeted at Nepal’s public and private sector, computer and information system networks, servers, and databases. There is also a noticeable neglect to develop an evaluation/certification program for cybersecurity services, products, and systems that can be updated as needed and remain relevant to current trends in technology usage, crime, and attack methods. Finally, Nepal acknowledges a lack of educating primary and high school students, once a year, about cybersecurity. This is an ineffective approach to preparing primary and high school students to know how to effectively deter and prevent cybersecurity breaches and/or combat vulnerabilities enveloped in technology commonly relied upon.
Like many countries and member nation states thriving to deter and prevent cybercrimes, Malaysia and Nepal are no different in the fight against cybercriminals, who engage in cybercrime with little fear of prosecution; even when those cybercrimes are committed offshore. To help impact this arrogance and callous attitude, both Malaysia and Nepal should join forces with the United States and European Commission, and all other countries and member nation states governments and law enforcement authorities, to begin aligning, their National Cybersecurity Policy with international laws that govern electronic communication and digital communication. This should include all components enveloped in technology usage tools that public and private sector rely on to conduct business, government affairs, banking, academics, information development, storing, and sharing, as well as secure and manage water, electricity, and health data information.
It is also recommended that Malaysia and Nepal increase cybercrime awareness training and education programming that enables primary, high school, and college students the ability to gain essential knowledge and skills, to become effective leaders in deterring and combating cybercrime within these territories. Lacking efficient cybersecurity skills subject experts, is an impact to the ability to deter cybercrime, because the number of cybercriminals can often out rank the number of educated citizens a country or member nation state possesses. With a combined population of 62,045,055 both Malaysia and Nepal must increase efforts to employ cybercrime prevention subject matter experts if these countries intend to win their war against cybercrime.
Additionally, it is most important that both countries focus more efforts on deploying information security policy that encompasses information systems and security for these systems. Information systems help all industries conduct daily operations and when these systems are not secured effectively, there is room for human error to invoke malware attacks to impact catastrophically. After all, Microsoft News Reporter Dashika Gnaneswaran reported in 2018 that cybercrimes in Malaysia cost the country $12.2 billion U.S. dollars, which is more than 4 percent of Malaysia’s total GDP of U.S. $296 billion (Gnaneswaran, 2018).
It is essential that government and law enforcement agencies understand the severity of citizens’ cybersecurity and information system security awareness training. Lacking the force to educate citizens on their role and responsibilities, is one effort that cannot be ignored. Furthermore, it is just as essential to audit all public and private sector information systems hosting, storing, and sharing citizens personal data. In doing so, countries can begin gaining control over the lack of security deployed within information systems. Not holding those accountable that oversee the storage of personal data, is a fault many countries governments embody. These steps are minor efforts that should be common practice. After all, we have been educating societies about cybercrime since the year 2000. With the growing rate of cybercrime, there is not enough trained subject experts willing to invest in themselves or their countries, to gain control over the widespread impact of cybercrime. Thus, it is time everyone steps up and act in defending their technology and personal data.
After all, regardless of cybercrimes in Asia are committed in the South or East, cybercriminals cross borders to enact their crimes, hoping that doing so can decrease their chances of being captured and prosecuted. Unless laws are enacted that punish cybercriminals offshore and nationally, the war against cybercrime will not be an easy fight to win. Instead, cybercriminals will continue finding loopholes to escape prosecution, while governments and law enforcement agencies, continue wasting effort and funding fighting against criminals that have no names or faces, and IP addresses that remain camouflaged by VPN systems, cybercriminals are learning to utilize in their favor. Thus, it is imperative that all countries and member nation states thrive to stay steps ahead of cybercriminals, by enacting increased cybercrime penalties that should include life sentences in prison systems around the world. This act of deterrence may very well be the best approach to grabbing the attention of the world’s most notorious cybercriminal gang members and independent cybercrooks.
National Cybersecurity Policy, 2016. (2016). Nepal Government. Retrieved [2/7/2021] from: https://nta.gov.np/wp-content/uploads/2018/05/Nepal-Cybersecurity-Policy-Draft.pdf
Gnaneswaran, D. (2018). Microsoft News, Cybersecurity threats to cost organizations in Malaysia US $12.2 billion in economic loses. Retrieved [2/8/2021] from: https://news.microsoft.com/en-my/2018/07/12/cybersecurity-threats-to-cost-organizations-in-malaysia-us12-2-billion-in-economic-losses/#
Interpol.int. (2021). Fighting Organized Crimes in Nepal. Retrieved [2/7/2021] from: https://www.interpol.int/en/Who-we-are/Member-countries/Asia-South-Pacific/NEPAL
Majid, M.B.D. (n.d.) Royal Malaysia Police. Retrieved [2/7/2021] from: https://www.mcmc.gov.my/skmmgovmy/media/General/pdf/DSP-Mahfuz-Majid-Cybercrime-Malaysia.pdf
Pexels.com (2021). Header Image. Retrieved [2/7/2021] from: https://images.pexels.com/photos/6545379/pexels-photo-6545379.jpeg?auto=compress&cs=tinysrgb&dpr=3&h=750&w=1260
WorldoMeters.info. (2021). Malaysia Population. Retrieved [2/7/2021] from: https://www.worldometers.info/world-population/malaysia-population/