Malaysia
A 2018 report stated that cyberattacks could cost Malaysia up to 4% of its total Gross Domestic Product (MANC, 2018). Therefore, the Malaysian government drafted the Malaysia Cyber Security Strategy 2020-2024 (MCSS) to coordinate national-level efforts to combat this rapidly growing threat (NSC, n.d.). The MCSS will adopt a five-pronged approach to protect critical infrastructure and private citizens alike by promoting effective governance, strengthening relevant legislation, improving cybersecurity R&D, cultivating talent, and bolstering international collaboration (NSC, n.d.).
The first, and most critical, pillar focuses on strengthening partnerships between the public and private sectors to protect the Critical National Information Infrastructure (CNII), which the Malaysian government has deemed to consist of 11 critical sectors ranging from national defense and security to energy and health services (NSC, n.d.).
According to the MCSS, the central government established the National Cyber Security Agency to coordinate various agencies and stakeholders responsible for cybersecurity such as the Royal Malaysia Police, the Ministry of Communications, and the Ministry of International Trade (NSC, n.d.). In this vein, a cornerstone of this pillar is the 2021 revisions of the National Cyber Crisis Management Plan, which will establish set protocols for the reporting and mitigation of cyberattacks (NSC, n.d.).
Malaysia also places high importance on talent training through the third pillar of the MCSS. The central government plans to delegate the task of coordinating industry, academia, and research to MIMOS Berhad, Malaysia’s National Applied Research and Development Center. As such MIMOS will focus on topics such as privacy-enhancing technology and digital signatures to bolster security systems throughout the public sector (NSC, n.d.).
Moreover, the National Cyber Security Research and Development Roadmap will serve as a national-level guide in establishing cybersecurity training institutions such as the Centre of Excellence and the Cyber Security Start-Up Hub (NSC, n.d.). In March 2023, the Universiti of Teknologi Malaysia announced it would partner with Mastercard to “offer skills training, and courses on cybersecurity-related fields” (DNA, 2023) at the newly established UTM-Mastercard Cyber Innovation Hub. According to Mastercard Southeast Asia Division President Safdar Khan, the Hub will provide a model for public-private partnerships in addressing cybersecurity professional shortages (DNA, 2023).
The remaining pillars of the MCSS plan to make sure Malaysia can stay ahead of cybercriminals by promoting cutting-edge R&D through international collaboration and stronger national-level legislation (NSC, n.d.). According to the Global Cybersecurity Index, these efforts have paid off as Malaysia ranked 5th out of 194 countries in 2022. Despite this, recent changes such as the rapid adoption of IoT technology and telecommuting have left the Malaysian private sector more vulnerable to cybercrime (TC, 2022). As such, Malaysia will continue to develop and amend the National Cybercrime Enforcement Plan and work with other countries to prosecute cybercriminals abroad (NSC, n.d.).
Australia
In 2022, the Australian government released the 2023-2030 Australian Cyber Security Strategy, which hopes to create approaches to make the country more cyber-secure. The development of the Strategy was a collaborative effort involving industry, academia, state and territory governments, and the international community. The Strategy set out a blueprint for achieving national-level targets in cybersecurity through public-private partnerships, critical infrastructure resilience, digital literacy, industry-academia collaboration, and enhancing relevant policy frameworks (Penn, n.d.).
As stated in the Strategy, Australia wants to collaborate with partners globally to support and defend the international rules-based order in cyberspace by bolstering talent cultivation in cybersecurity (Penn, n.d.). For instance, the Department of Foreign Affairs and Trade has actively created policies to attract foreign professionals and investment from countries with strong engineering talent pools. Through such exchanges, Australia hopes to “promote Australian research,” “support industry-led trade missions,” and “monitor international technology markets” (DFAT, n.d.).
With strong international support, Australia plans to bolster its cyber resilience, especially as internet connectivity continues to increasingly impact critical infrastructure sectors. The Australian Cyber Security Centre has been responsible for laying out guidelines for regular scenario planning, testing, and continuous learning at a national level. By ensuring preventative measures are in place to mitigate cyber incidents, Australia hopes to enhance the protection of critical infrastructure through more stringent access protocols for industrial control systems. In the end, Australia hopes to coordinate agile and rapid responses between the public and private sectors even in the case of an attack (ACSC, n.d.).
The central government also is striving to increase the digital literacy necessary for all Australians, irrespective of background or language, to keep their personal information, businesses, and families safe in the face of cybercrime. To achieve these goals, the Australian Curriculum Assessment and Reporting Authority now take regular assessments of national-level digital literacy levels so that young Australians have the “knowledge, skills, behaviors and dispositions to live and work successfully in the twenty-first century” (ACR, n.d.). Additionally, the Department of Education, Skills, and Employment released the DRAFT Digital Literacy Skills Framework in 2020 to provide comprehensive education and resources to empower individuals to navigate the cyber landscape confidently (DESE, 2021).
In terms of core policy areas, including enhancing and harmonizing regulatory frameworks, Australia provides clarity and best practice standards across the digital economy in the future. In 2022, the Australian Parliament introduced the Privacy Legislation Amendment (Enforcement and Other Measures) Bill 2022, which increased penalties for entities with weak cybersecurity protocols while strengthening government oversight and enforcement of relevant areas (Lai, 2022). Through such measures, Australia hopes its cyber security initiatives will bolster regional cyber resilience and contribute to international standards-setting processes (Penn, n.d.).
Australia sees its efforts toward becoming one of the world’s most cyber-secure nations by 2030 as a multifaceted and collaborative effort. Through a comprehensive strategy, engagement with stakeholders, and a commitment to innovation and resilience, Australia will create a cyber-secure environment that fosters trust, protect critical infrastructure, and positions the nation as a global leader in cybersecurity (Penn, n.d.).
India
With rapid digitization comes challenges of the risk posed by technology. Recent attacks on India’s critical infrastructure sectors, such as nuclear plants and space agencies, have highlighted India's need for stronger cybersecurity (DSCI, 2016). The National Cyber Security Strategy 2020 laid out a three-pronged approach to cybersecurity that emphasizes securing vulnerable sectors, strengthening relevant public sector agencies, and collaborating with the international community (DSCI, 2016).
India's national-level cyber security strategy recognizes the significance of secure digitization efforts and highlights the need to embed security in the design, deployment, and operations of digital platforms and services due to the changing nature of cybercrime (Saraswat, n.d.). The Strategy focuses on various aspects, including secure large-scale digitization of public services, supply chain security, critical information infrastructure protection, digital payment security, sectoral preparedness, state-level cyber security, and security of small and medium businesses (DSCI, 2016).
The Strategy also acknowledges the role of advanced technologies such as 5G, wireless, cloud, mobility, IoT, AI/ML, robotics, and others, and the importance of preparing for their cybersecurity challenges (Gandharv, 2022). Therefore, the Strategy places high importance on the development of institutional capabilities, regulatory frameworks, security-by-design culture, threat intelligence sharing, and collaboration among stakeholders to ensure a robust and resilient cyber security ecosystem throughout the country’s financial sector (ICLG, 2022).
In terms of strengthening governance and institutional structures, India strives enhance preparedness and response capabilities, foster innovation and research partnerships, and address policy and legal aspects of technology development (DSCI, 2016). Therefore, the Ministry of Electronics and Information Technology allocated nearly US$76 million in 2023 to fund various cybersecurity research initiatives and bolster the country’s cybersecurity response team (CERT-in) (CPC, n.d.).
Besides this, public efforts involve partnering with academia to strengthen research, innovation, and technology development in cybersecurity as well as relevant capacity and skill building. In 2018, the Data Security Council of India launched the CyberShikshaa, which hopes to increase the number of cybersecurity professionals by training women in particular (DSCI, n.d.).
India is also actively collaborating with the international community to strengthen cybersecurity and internet infrastructure. India's strategy includes active participation with international partners to shape cyber norms, investing in R&D and protecting critical infrastructure (DSCI, 2016). For instance, India and the EU established the EU-India Trade and Tech Council in 2022 to foster “open, free, secure and accessible cyberspace that enables growth and innovation” (ORF, 2022). Additionally, India’s efforts also extend to cybercrime investigation, including legislative reforms, capacity building, technology adoption, and international cooperation. In this vein, India established the Indian Cybercrime Coordination Center in 2020 to help prosecute domestic and international criminals (I4C, n.d.).
Singapore
As a global financial hub, Singapore recognizes the need for proactive measures, partnerships, and workforce development to address growing cyber-physical risks and increased geopolitical tensions in cyberspace. Recently, the country launched the Singapore Cybersecurity Strategy 2021, which is its latest national-level initiative to bolster its cybersecurity ecosystem. The strategy is based on four pillars: building resilient infrastructure, creating safer cyberspace, enhancing international cyber cooperation, and growing a robust cyber talent pipeline (CSA, 2021).
In terms of Critical Information Infrastructures (CIIs), Singapore hopes to develop its policy approach to defend against sophisticated threats while strengthening capabilities to protect, detect, respond, and recover from cyber-attacks (CSA, 2021). In 2022, the Cyber Security Agency of Singapore launched the CyberSecurity Code of Practice for Critical Information Infrastructure (CCoP 2.0) (CSA, n.d.). Through this initiative, the government will work with CII owners and organizations to improve defense against enhanced tactics, techniques, and procedures (IC, 2022). Additionally, the Cyber Security Agency of Singapore will team up with public and private sector entities to improve cyberattack reporting and detection measures (IC, 2022).
To create safer cyberspace, the government strives to raise awareness and encourage the adoption of good cyber hygiene practices among enterprises and individuals. Singapore’s Safer Cyberspace Masterplan 2020 mapped out 11 initiatives to secure critical digital infrastructure, safeguard cyberspace activities, and foster a cyber-literate public (CSA, 2021). In these fields, Singapore also promotes implementing DNSSEC protocols, encouraging businesses to invest in device security, and incentivizing Software-as-a-Service platforms to develop secure applications (CSA, 2021). The government also launched the National Digital Literacy Programme in 2020 to engage vulnerable groups through educational programs that foster safer internet practices for young people across the country (APS, n.d.).
Singapore also hopes to participate in international cyber policy discussions and advance the development and implementation of cyber rules, norms, principles, and standards. In 2022, Singapore and the US signed an MOU to expand cooperation in this field to develop “critical technologies,” support “information sharing,” and foster “cybersecurity exchanges” (CSA, 2022). Singapore’s National Cybercrime Action Plan also places importance on the need to strengthen capacity-building initiatives to combat cross-border cyber threats through cooperation with agencies such as INTERPOL and other ASEAN countries (MHA, n.d.).
Singapore will also leverage its status as a trusted tech hub to further promote cybersecurity capabilities in institutes of higher learning, the government, and the private sector (CSA, 2021). For instance, Singapore launched the SG Cyber Talent initiative in 2022, which will start training 20,000 young cybersecurity professionals over the course of 3 years (CSA, n.d.). Additionally, Singapore launched the SG Cyber Women initiative to utilize an “under-represented talent pool” while developing “professional skillsets through learning and training” (CSA, n.d.).
Sources:
- Malaysia
2. Australia
3. India
4. Singapore