CYBER CAPABILITIES AND NATIONAL POWER: A Net Assessment 153
14. Malaysia
On cyber security, Malaysia was a regional rst
mover and compares well with many other countries.
Its ongoing commitment was demonstrated in 2020
with new cyber-security strategies for the civil sector
and for national defence. There is lile information
available on core cyber-intelligence capabilities or the
development of oensive cyber, with the policy state-
ments issued in 2020 focusing more on active defence
in cyberspace. Malaysia has prioritised the devel-
opment of an indigenous digital-industrial base in
support of its wider economic-development agenda.
It compensates for some of its shortcomings in cyber
capability through international alliances, particu-
larly with the United States, the United Kingdom,
Australia and Singapore. Overall, Malaysia is a
third-tier cyber power but has clear strengths in
cyber-security policy and strong digital-economic
potential. If it realises that potential, it could create
the foundations on which to become a second-tier
cyber power.
List of acronyms
ASEAN Association of Southeast Asian Nations
CDOC Cyber Defence Operations Centre
CERT Computer Emergency Response Team
ICT information and communications technology
IoT Internet of Things
MAF Malaysian Armed Forces
MoD Ministry of Defence
NACSA National Cyber Security Agency
NSC National Security Council
Strategy and doctrine
The development of Malaysia’s cyber policies, strategy
and doctrine has been shaped more by its industriali-
sation and development agenda than by international-
security considerations. Closely tied to the economic
imperative is the aim of guaranteeing a free and open
digital environment for innovation and the need for a
stable domestic environment to underpin investment.
The country’s cyber policies have also been shaped by
the high priority successive governments have aached
to issues of internal security.
Malaysia’s interest in cyberspace can be traced back
to the 1990s, when the government rst recognised
the potential of the internet to transform its provision
of public services and catalyse the country’s develop-
ment. It set out to foster a digital ecosystem through a
combination of public policies and incentives for busi-
nesses, including signicant investment in creating the
necessary technical infrastructure. The goal was to accel-
erate the transition from an agriculture-based economy
to one based on manufacturing and services, and then
ultimately to a fully edged knowledge economy.
In 2006 the government announced a National Cyber
Security Policy (NCSP) that identied ‘ten pillars’ of
‘Critical National Information Infrastructure’ and rec-
ognised their interdependence.
1
The NCSP outlined a
piecemeal approach to building up cyber-security capa-
bilities at the national level.
In 2016 the government published a Public Sector
Cyber Security Framework to consolidate the various
directives since 2000 that had been aimed at bolstering
