In the age of a hyper-connected global economy, cyberspace does not only open up fundamentally new opportunities for futuristic developments but also brings in new challenges and risks, and represents one of the leading unconventional threats to global security.
For developing economies like Malaysia, digitalisation has been identified as a top priority and backbone of a high-tech economy moving forward, especially set against the current global trend of the fourth – and now the emerging fifth – industrial revolution of various sectors, with perhaps the most familiar being e-commerce, which uses e-payment as a medium of financial transaction.
The intensification of digital trends in Malaysia, in terms of their mass appeal and usage, also exposes us to the dangers and heightened risks such as hacking. In the early 2000s, the websites of Parliament and University Technology Mara were hacked, and the contents of homepages appeared in a foreign language.
The scenario recurred in 2011 but on a broader scale when a group, simply self-styled “Anonymous”, threatened to expose confidential documents after successfully hacking into fifty-one government official websites. That served as a reminder of how fragile our national cyber security system had been (“Hackers disrupt 51 Malaysian government websites”, Reuters, 2011).
To enhance and consolidate national cyber security governance in Malaysia at the “macro”-level, the government established the National Cyber Security Agency (Nacsa) in February 2017 to coordinate the security of our Critical National Information Infrastructures.
At the “micro”-level, there are, for example, the annual X-Maya/National Cyber Crisis Exercises, jointly organised by the National Security Council (NSC) and Cyber Security Malaysia, in collaboration with the private sector – and hence, a public-private partnership initiative – which aim at assessing the readiness of critical infrastructures against cyber attacks to create a resilient digital environment against systemic cyber risks.
As a result, Malaysia has been listed as one of the top 10 countries with a high commitment to cyber security in the Global Cyber Security Index 2020 report (“Saifuddin: Malaysia ranked among top 10 countries with highest commitment to cyber security”, Communications and Multimedia Ministry).
Despite the constant and repeated readiness exercises and stress tests, and also the upgrade to newer technologies or higher levels of technical/technological sophistication, the critical issue is whether or not we can still keep pace with the fast-emerging and ever-rising new cyber threats that seem to be constantly lurking “in the background”.
Since Covid-19, cyber crime has been up by 600% as per the United Nations Office on Drugs and Crime for Southeast Asia and the Pacific. Global spending on cyber security is predicted to exceed US$1 trillion (RM4.63 trillion). According to Kaspersky, cyber attacks grew from 32,500,000 globally in 2021 to almost 35,400,000 this year.
One of the most rapidly evolving pernicious forms of cyber threats is ransomware – a type of malware that involves extortion, whereby hackers prevent users from accessing data until a ransom is paid. Ransomware is 60 times more destructive currently than it was in 2015 as per cyber security firm PurpleSec.
Furthermore, Norton has highlighted (from CheckPoint Software Technologies) how ransomware attacks increased by 102% in 2021, compared with the beginning of 2020, and “show no sign of slowing down”. The modus operandi has even metamorphosed into Ransomware as a service – where operators provide the infrastructure required to perform a ransomware attack (for “affiliates”), together with the payment portal (for victims) and also, as the case may be, “customer service” i.e. for overriding the ransomware concerned.
In Malaysia, more than 20,000 cyber crimes were reported in 2021 alone, which involved losses of at least RM560 million. Between 2017 and 2021, the country suffered losses of about RM2.23 billion due to cyber crimes. Along with that arises the critical question of the sufficiency and adequacy of the relevant laws in place.
The foiled cyber heist attempt on Bank Negara in 2018, which sought to facilitate unauthorised fund transfers using falsified Swift (Society for Worldwide Interbank Financial Telecommunication) messages, sparked intense public outcry and nearly undermined confidence in the payments/settlements system.
The settlements system is crucial for interbank movement and shifting/shuffling of reserves, and the rise in the Overnight Policy Rate could see Bank Negara intervene to manage liquidity on a more frequent basis to ensure the target rate can be hit.
Furthermore, the Employees Provident Fund (EPF) bond holdings may come under increasing pressure due to the double squeeze from higher interest rates emanating domestically and overseas. On the one hand, in the local context of depleted EPF funds, which may lower the local bid-to-cover auction ratio, this could in turn further push up borrowing costs, which are attractive to overseas investors, while further depressing the ringgit through the sell-offs (that is, outflows) in a “feedback” or “doom” loop.
On the other hand, EPF may be “forced” to “cap” its allocation for bonds in favour of overseas investment to try to reap higher returns amid extreme volatility and uncertainty in the overseas markets that are also suffering from a self-inflicted energy crisis.
By the end of 2024, Malaysia is expected, on the optimistic side, to have 80% of densely-populated areas covered by 5G networks (“5G Technology: Moving industries by leaps and bounds”, Malaysian Investment Development Authority). This raises concerns of potential escalation in ransomware, botnets and “distributed denial of service” attacks, etc.
As the global race towards digitalisation becomes more acute, the need for cyber diplomacy will also become more vital since cyber threats, like any other challenges, require multilateral and bilateral cooperation. This explains the logic of state engagement in cyber diplomacy.
Cyber diplomacy is an instrument of statecraft that sovereign states use to achieve their national interest goals in cyberspace. In the regional context, Malaysia has actively engaged in Asean-led mechanisms such as the Asean Regional Forum (ARF), Asean Network Security Action Council (Ansac), etc.
During the 5th ARF Open Ended Study Group (OESG) on Confidence Building Measures held in Kuala Lumpur in 2020, Russia presented a proposal to develop a lexicon of basic terms and definitions of ICT security in response to cyber incidents – which was also supported by China – to define remedial action.
In response, the NSC via Nacsa hosted Cydes 2020, the first of its kind in the region, in June 2020 in Langkawi to discuss technological solutions to combat cyber threats by inviting ARF dialogue partners including US and Russia (Co-chairs’ minutes – 5th ARF OESG).
In continuity, Cydes 2021 placed importance on closer engagement and networking with other states and international entities as a top agenda item in ensuring a more secure cyberspace. Outside of Asean and the ARF framework, the UK government has been assisting Malaysia over the past few years by sharing information through programmes like Cyber Talent, a collaboration between Asia Pacific University and the Malaysia Digital Economy Corporation, that aims to promote upskilling to address Malaysia’s growing need for cyber security specialists.
Furthermore, Malaysia and the US had also agreed to strengthen bilateral ties last year to expand digital collaboration, particularly in cyber security (“Malaysia, US to strengthen cooperation on cyber security, digital economy”, Communications and Multimedia Ministry).
However, engaging with our traditional friends alone is not enough. Hence, we must take full advantage of our country’s neutral stand by developing stronger collaborative ties with non-Western countries as well. This is in line with the broader vision of a rules-based multilateral order in cyber space, as clearly stated in the Asean Cyber Security Cooperation Strategy (2021-2025).
This is why Prime Minister Datuk Seri Ismail Sabri Yaakob has stated that Asean can leverage Russia’s background, experience and expertise in digital technologies to help combat cyber crimes (“PM: Asean can leverage on Russia’s expertise to combat cyber crimes”, Oct 28).
The complexity and diversity of cyber threats make collaboration with all parties a vital imperative. Although the West has rhetorically accused Russia of “cyber aggression”, it needs to be restated that Malaysia’s foreign policy interests diverge significantly from the West, and that we enjoy a cordial relationship with Russia.
Russia’s image in the eyes of many Malaysians is also not too unfavourable as compared with most countries in the Western hemisphere. The US has never shared Russia’s International Information Security approach, which prioritises national sovereignty (“Global cyber security at stake amid US and Russia’s disagreements”, Sept 7, 2021) – suspecting that the real motivation is the intention to legitimise the suppression of free cyber domains.
However, it cannot be emphasised enough that Russia is a global cyber power that cannot be ignored or sidelined. Russia plays a critical role in the international cyber order vis-a-vis the US, and has contributed significantly to the advancement of the digital security agenda in the United Nations and BRIC (major emerging countries Brazil, Russia, India and China) – providing a necessary counterbalance.
Russia has extensive networks in terms of cross-border cyber security regulations and enforcement because of its linkages with former member states of the USSR (Soviet Union), and it has also been claimed that Russian-organised crime has been financing local Malaysian hackers (“Cyber crimes in the former Soviet Union, and central and eastern Europe: Current status and key drivers”, The Quest to Cyber Superiority, 2016).
Close ties and collaboration with Russia will help to enhance our knowledge, exposure and capabilities in combatting cyber crimes, especially when the origins are outside Malaysia.
In addition, the fifth pillar under the Malaysia Cyber Security Strategy (MCSS) 2020-2024, which underlines “strengthening global collaboration”, is pivotal and should be an enabler for cyber diplomacy with other non-Asean members like Russia.
The MCSS document clearly highlights a comprehensive framework of engagement with state actors bilaterally that may include knowledge sharing, transfer of information exchange, training policy dialogues, jointly organised programmes and discussion on the harmonisation of legislation.
To this end, it is worth mentioning that we – as a middle power – are not seeking “co-dependence”, but rather “diversification of relationships”, which avoid “bandwagoning” and “hedging” with all players, including Russia. This is important because co-dependence on a particular foreign country can be risky – again, not least with cyber security implications.
Jason Loh and Hazriq Iqmal Abdul Aziz are part of the research team of EMIR Research, an independent think tank focused on strategic policy recommendations based on rigorous research.