ArchiveS ArchiveS

STATEMENT BY MALAYSIA AT

THE FOURTH SUBSTANTIVE SESSION OF THE 

OPEN-ENDED WORKING GROUP ON SECURITY OF AND IN THE USE OF

INFORMATION AND COMMUNICATIONS TECHNOLOGIES 2021-2025  

ON  

CONTINUING  TO STUDY, WITH A VIEW TO PROMOTING COMMON

UNDERSTANDINGS, 

“EXISITING AND POTENTIAL THREATS IN THE SPHERE OF INFORMATION

SECURITY, INTER ALIA, DATA SECURITY, AND POSSIBLE COOPERATIVE

MEASURES TO PREVENT AND COUNTER SUCH THREATS”  

 

6 MARCH 2023

NEW YORK   

 

Mr. Chair,  

 

1.      At the outset, my delegation would like to express its appreciation to you, Mr. Chair, for your continued efforts to advance the work of this OEWG. Rest assured of Malaysia’s full support as we work together to achieve substantive outcomes through this important process.    

 

2.      Malaysia welcomes today’s  exchange of views on existing threats to international peace and security in cyber space.   

 

3.      Building on the conclusions and recommendations agreed to in previous OEWG and GGE reports, it is evident  that, in the face of constantly evolving technological developments, a fundamental understanding of their security impact is crucial in building and maintaining international peace, security and trust in the ICT environment.   

 

4.      While new and emerging technologies have accelerated the process of digital transformation, these technologies can be exploited for malicious ICT activities. For example, cloud computing has made application development so much easier, with characteristics such as “on-demand” acquisition, shared resources, scalability, and elasticity, as the aim is to achieve  economies of  scale. However, if security and privacy considerations are overlooked in a cloud environment, there  may be  huge risks to ICT security. The fact is security requirements are pivotal to the safety and resilience of new and emerging technologies.   

 

5.      Artificial Intelligence (AI) can undoubtedly drive inclusive economic growth and support scientific advancements that improve the conditions of our world. It is also an effective tool for cybersecurity protection, as well as incident detection and response. At the same time, AI can also be used to automate cyber-attacks, making them faster and improving the accuracy of the attack vectors. Malicious actors can use AI to send targeted, convincing phishing emails or create fake images and videos that may be used to propagate misinformation or manipulate public opinion.   

 

6.      Another emerging technology that will completely change the technological landscape is quantum computing. The widespread cryptography protocols today rely on computational limits on traditional computers to provide cybersecurity controls. With quantum computing, most modern cryptography can be broken. Today, threat actors are stealing and harvesting encrypted data in anticipation of being able to decrypt it in the future, once the necessary quantum technology is available.   

 

Mr Chair,   

 

7.      The international community can collectively develop a deeper understanding of the potential risks brought about by these technologies, by working together to understand their impact and manage the risks relating to their responsible development and use. This is essential because privacy and cybersecurity risk management considerations and approaches are applicable in the design, development, and deployment of these technologies. Research on potential vulnerabilities and identification of security controls, as well as development of best practices for securing these technologies, are among the initiatives that should be pursued through collaboration with all relevant stakeholders.    

 

8.      It is also important to note that both new and conventional technologies are subject to rapid innovation and advancement, and must be continuously monitored and deployed as we work towards a technological future underpinned by trustworthiness and responsibility.   

 

Mr Chair,   

 

9.      The balancing of security and privacy aspects, without impeding usability or compromising safety, requires participation from cross-disciplinary experts in applied research. Collaborative action between all stakeholders in the cyber ecosystem is required. In this regard, the OEWG can play a critical role in facilitating dialogue on specific technologies, such as AI or Quantum Computing, with a view to further elaborating how best to mitigate any threats to international security. Other collaborative initiatives that may be undertaken are responsible disclosure of vulnerabilities, development of security standards and implementation of security baselines for national cyber security protection. 

  

10.      Cyber criminals are now using advanced tools and networks that mimic large organisations, increasing the complexity of cybercrime cases. The proliferation of illicit “marketplaces” for “crime-as-a-service”, including ransomware, has commoditised cybercrime. Barriers to entry for cybercriminals have reached an all-time low, and cyber-criminals no longer need to be highly skilled.   

 

11.      While the work of the Ad Hoc Committee to elaborate a comprehensive international convention on countering the use of ICTs for criminal purpose is on-going, States can already work to implement concerted, swift, and effective measures with hosting providers, Internet service providers and domain registrars. These include blocking and taking down malicious sites at the level of hosting providers, especially those that affect Critical Information Infrastructures.     

  

Mr Chair,   

 

12.      Malaysia believes that the ability of the international community to prevent and mitigate the impact of malicious use of ICT depends very much on the capacity of each State to prepare and respond effectively. Capacity-building can help create a national culture of cybersecurity. Such a culture will support the development and maintenance of secure systems and infrastructure, deepen the understanding of key actors on salient issues, and promote clear threat visibilities, which are all essential to, and aligned with, the framework of responsible state behaviour.   

 

13.      Depending on its existing capabilities, a State may require assistance in the following areas, so as to develop an adequate security infrastructure and mitigate threats to ICT security:  

 

I.    Effective national cybersecurity policy and governance to ensure appropriate national cyber security protection and response, consistent with the framework of responsible state behaviour; 

 

 II.    Technical expertise to assist policymakers in developing and implementing effective cybersecurity strategies and policies;  

 

III.    Capacity-building programmes to build a national cyber security workforce and expertise;  

 

IV.    Adequate funding to invest in people, technologies, and infrastructure in supporting cyber security efforts;  

 

V.    A legal framework that enables effective investigation and prosecution of cybercrime, and regulation of the use of ICTs;    

 

VI.    Capacity to effectively assess and manage risks associated with the use of ICTs and enforce cyber security controls as baselines; and  

 

VII.    Capacity to effectively to respond to and recover from cyber incidents.    

 

Thank you, Mr. Chair.