CyberSecurity Malaysia and DICT Philippines : Building AI-driven Cyber Resilience

Show Notes

In this episode, we dive deep into the cybersecurity landscape in Malaysia and the Philippines. Joined by Nurul Husna Mohamad Nor Hazalin, Cyber Solution Specialist, CyberSecurity Malaysia. and Engr. Maria Sinag Abello, Section Chief, Technical Evaluation and Cybersecurity Standards, Cybersecurity Bureau from the Department of Information and Communications Technology (DICT), this discussion uncovers the opportunies for growth in the cybersecurity markets in Malaysia and the Philippines.

CyberSecurity Malaysia is the national cybersecurity specialist agency under the purview of the Ministry of Digital.

The Ministry of Digital was established to drive the national digital agenda through two main sectors: the Strategic Policy Sector and the Management Sector, with a total of seven divisions. 

The DICT Cybersecurity Bureau is tasked to implement the National CyberSecurity Plan.

DICT is the primary policy, planning, coordinating, implementing, and administrative entity of the Executive Branch of the government that will plan, develop, and promote the national ICT development agenda.

Transcript

AIBP: 0:00

As digital transformation accelerates, both Malaysia and the Philippines are focusing on strengthening cyber security measures, but what specific areas are seeing the most attention.

Nurul - CSM: 0:09

As what you have mentioned just now that are the top three we are looking for, the cloud security, zero, trust architecture, AI and also we have digital trust and governance.

AIBP: 0:24

Organizations looking to operate in these markets must align with security assurance requirements and industry standards. Compliance is essential, particularly for sectors handling sensitive data.

Maria - DICT: 0:37

One of the security assurance requirements

AIBP: 0:37

The demand for advanced cyber security solutions that we require is to have an ISO IDC 27,001 information security management as well as if they're looking at on the E commerce side. They should comply with the PCI data continues to grow. Cloud security, AI driven protection security standards. and zero trust frameworks are shaping the region's security landscape. Cyber security providers that align with these priorities and regulatory requirements will be well positioned to support the region's digital growth. This session was recorded at aibp insights together with the Department of information and communications technology of the Philippines and cyber security Malaysia, as part of ongoing discussions on strengthening cyber security resilience across Southeast Asia. Please enjoy this episode from the AIBP ASEAN B2B growth podcast.

Unknown: 1:46

The AIBP ASEAN B2B growth podcast is a series of fireside chats with business leaders in Southeast Asia focused on growth in the region. Topics discussed include business strategy, sales and marketing, enterprise, technology and innovation.

YY - AIBP: 2:08

Good afternoon and welcome to our very first AIBP Insights in 2025 for those who may not be familiar with us. AIBP Insights is a series of discussions held online which brings together a focus group of ASEAN stakeholders discuss topics related to enterprise technology adoption in the region. Today, we are here to talk about cyber security, particularly, how do you build AI driven cyber resilient. And of course, we always want to point the spotlight back to our ASEAN stakeholders. And we have today with us, DICT from the Philippines and also cyber security Malaysia. Before we put the spotlight on this two stakeholders, we'll like to perhaps give you some context on where and why we are going through this discussion today. For those who may be joining us for the very, very first time, welcome to our community. AIBP stands for ASEAN Innovation Business Platform I've been around since 2012 and in the work that we do, we serve as an avenue for public and private organizations in Southeast Asia to come together to access information around innovative digital transformation journeys, to assess the level of innovation within their own organizations, and also to advocate for innovative digital transformation journeys, which serve as light houses for other enterprises to model after. As I mentioned at the very start of today's discussion, this is under AIBP Insights, which is part of our virtual focus group discussions under AIBP Online. However, you will see us in many different contexts, where you can engage with us and have access, assess and advocate for digital transformation within your organizations through the different channels that we have. Today's discussion, we are focusing on Cyber Security in our latest 2024-2025 ASEAN Enterprise Market Overview. We look at the top five challenges in digital transformation, and you would see in the Philippines, in Malaysia, in Southeast Asia, cyber security and privacy concerns rank among the top five challenges that enterprises face as they embark on the digital transformation journey. In Malaysia itself, we see that the cyber security market is on a steep growth trajectory, however, or should I say, because of that, fraud remains the pre-dominant cyber threat. And as of in August 2024, we had 2778 cases of fraud. In Malaysia, a substantial talent yet exists, and the government is looking to cultivate 25,000 cyber security professionals by this year. Similarly, in the Philippines, the cyber security market is also experiencing significantly, significant growth, projected to reach 387.1 million by 2028 growing at 13%. The Philippines also face 8800 cyber attacks daily, a five fold increase from 2024. Similar to Malaysia, there is also a critical shortage of cyber security professionals, and the government in the Philippines is also looking to train 10,000 professionals cyber security by 2025 this year. Well, if we look at some of the priorities when investing in digital transformation projects, looking into what are they spending on, you would see that for cyber security and data protection, well, it's not the number one priority. It has grown the most significantly from 2019 to 2024 in the last five years, more than doubling from 2019 to 2024. If you'd like more information and more details into what all of these numbers mean, feel free to scan the QR code that you see on screen right now to get at first access to a 2024-2025 ASEAN terprise market overview, where you would also see first hand information of enterprises and some of the key challenges they face within their organizations itself. Now that I've covered the ground, well, we look more into cyber security. We've done a specific cyber security study looking into the Philippines itself, and we asked, how confident are you in your organization's ability to rely on AI for making security decisions, because that seems to be the trend right now, we have AI in the front end, but can we use AI to protect our organization's data too. Well, the predominant numbers if they're somewhat confident, but you would see the second largest circle over that it's also somewhat confident. So what does that actually mean? If you want the details of what all of these numbers, please do, scan this QR code if you're interested in cyber security in the Philippines specifically. And we will also share all of these resources with you, if you have signed up, if you're joining us here, or your colleagues who wants to join but have not joined yet, you can let them know that this resources will be shared with all this on or all of you online right now, and you can share that with your colleagues. Well, without further ado, I'd like to introduce our panelist today. You would see that cyber security Malaysia was supposed to be represented by Zabri, but we are very happy to have with us, Nuru. Zabri, unfortunately, has taken ill, he's done with influenza, which we want him to recover as soon as possible. So we have Nuru, who will be sharing more about cyber security Malaysia. Well, I've spoken a lot in the first five minutes of this discussion, and now it's time to hand over the spotlight to the two ladies on the screen here. Well, Shine, Nurul, perhaps you can give our audience online today a little bit more background about what you do for your organization, and also, how do you get into this role? Perhaps you can start with you Shine.

Maria - DICT: 9:07

Thank you, yy for the introduction. By the way, I am Sinag Abello. My colleagues call me, Shine, for some reasons that Sinag is a Tagalog word for sunshine, so that's how I got the the nickname. So I started working with the DICT last 2016 actually, it what this is, the 9th year in my DICT now. So I started working for the regional office, looking at or managing the flagship programs of the DICT in terms of free Wi Fi, access to the public places, as well as the E-government or business process and permits and licensing. And I'm also the regional fo for the Philippine National - key infrastructure in the region three and four. And then in 2021, I joined the Cyber Security Bureau as the section chief of the technical evaluation and cyber security standards. So most of our work here in the tech section is we evaluate some projects that for the cyber security funding, as well as we're taking a closer look at the risk management for the cyber security organizations and the critical information infrastructures in the Philippines. So that's one of the, many of the functions that we have, as well as we're also engaged, and we're pretty much involved in creating policies for Cyber Security Bureau that is anchored in the National Cyber Security Plan of the

YY - AIBP: 10:57

That's a lot of different roles that you play, Philippines. Shine. So I guess you really do need to be as bright as the sunshine in order to have the full energy to take on all this different projects that you do for DICT. But we do see that in the Philippines, as digital transformation accelerate, there is a need for government coordinating body to make sure that all of this threats are also managed accordingly. Well, Nurul, Cyber Security Malaysia, well, we have the opportunity to include Dr. Haji Amirudin as one of our advisory board members at AIBP, and we've worked very closely with CyberSecurity Malaysia across many number of years. What, Nurul, could you give us a little bit of back story about what you do for CyberSecurity Malaysia?

Nurul - CSM: 11:46

Okay, thank you Hawaii. And first and foremost, I would like to apologize because I actually almost lost my voice, but I guess that I could not decline an invitation from AIBP. They have been a very great friend for Cybersecurity Asia. Okay, um, Hi everyone. I'm Nurul from CyberSecurity Malaysia. So basically, I have been with CyberSecurity Malaysia for the past 18 years. I can say, okay, so even though I might not look that old, but I have been now working for Cybersecurity Malaysia, yeah, for 18 years. Okay, um, started in IT department, and then I also become the third manager. So I participated in a lot of cyber drill exercise for national level, because CyberSecurity Malaysia has been the National Technical Arms or National Reference Center in Malaysia. Okay, So we have been doing a lot for the government. We have been assisting the law enforcement agencies with our various services. Okay, And previously, I was also in digital forensics. So we have been helping, assisting criminal-related activities for the law enforcement in Malaysia. We even have the law enforcement themselves to establish their digital forensic lab. We can proudly say that we have been existing almost 10 lab in Malaysia and even internationally. We have been existing national digital forensic lab of Oman and national digital forensic lab of Brunei in establishing their lab, not only I mean recommending or consulting, but we are also helping them to develop the procedures, train them, to develop the competencies, or in case, anyone from the regions requiring some assistance in establishing your lab, we can humbly say that we love to help everyone. Okay, and now I have been transferred to this cyber solution department because we are trying to explore international collaboration, engagement and commercial opportunities. Because even though we are mandated to actually serve the government for free, of course, because testament given to us, but we are also receiving a lot of requests from the private sectors to actually assist in Incident Management, in digital forensics, in certifying or verifying products, because we have like eight labs in cyber security Malaysia, and in fact, we are the only lab in Southeast Asia who are doing validation for cryptography. So basically, we are holding and wearing a lot of hats. It's just that now we have like 24 departments in CyberSecurity Malaysia, so I think that, without saying right to actually explain what is our rules. Okay, Thank you.

YY - AIBP: 15:19

24 departments - That's really quite amazing. So between the both of the even though both of you look really young, the experience is deep, and I saw Shine nodding her head when you talk about international collaboration and working together. So perhaps that's something that we can look more into. Well, if I could highlight one thing that we found from both countries cybersecurity road map was really about fulfilling the cybersecurity talent required to really address the cybersecurity needs of the country itself, I think in Malaysia, is to aim to train 25,000 professionals this year. Well, could you share with us a little bit more? Nuru, what are some of the high demand niche? Because cyber security is pretty broad, right? I think in your role, you've mentioned about different roles. Is it cloud security, AI driven, threat detection, or any other areas should, let's say, if there are foreign companies who are interested to invest or to help within Malaysia itself, what should they prioritize when entering this market?

Nurul - CSM: 16:23

Yeah, I guess that as what you have mentioned just now that are the top three we are looking for. Okay, the cloud security, zero trust, architecture, AI, and also we have digital trust and governance. Okay, digital trust is something that we are trying to focus more cybersecurity and focusing more on digital trust because we got a lot of systems technology or programs that have been deployed or implemented and on boarded by the government themselves. But it does not receive what we can say that the target in term of enrollment or onboarding, the number of people to onboard on the system. So, that's where we find out that it's not about whether it's a good system or not, but it's more on how do the end user or the citizens are actually looking on trust? Do they really trust it? Okay, the digital trust and from sophisticated perspective, or we are also requesting a system from partners, from service provider in improving that, through certification, through testing, those kind of assurance that that we need okay. But if everyone aware of, or are aware of that, the government has appointed CyberSecurity Malaysia to establish and become the Cybersecurity Academy, where this is actually to solve the issue highlighted last year that that it goes viral, the lack of a talent in cyber security. So we get the minded from the government to actually establish the Cybersecurity Academy, to actually help, or accelerate, expedite, process to actually generate more and more talents that we are lack of now, okay. But among the talents or the competency required that are those you have mentioned earlier, that on cloud security, because now we have AWS Asia, Alibaba building the data center here in Malaysia. So I think the need in that area would be very much. I mean getting more and more, and also the digital trust, okay. So that's why, in our previous session with AIBP, we are onboarding quite a number of solutions who are actually requested by our partners, our stakeholders, to actually address the digital trust initiative.

YY - AIBP: 19:17

Okay, agree. I definitely think that it is very interesting, and I believe we have, like, a tech update with Cyber Security Malaysia on a quarterly basis. So if you are a tech solution provider on the call itself and you'd like to contribute in really building the talent pool, please reach out to our team and we'll actually let you know how we can collaborate more together. Well, also shameless plug, because Nurul, you talked about digital trust, I think we will be looking into another session tomorrow, looking into the evolution of digital trust in the age of AI, taking the perspective from enterprises itself, right? So be caring from the head of security - from AXIATA group, from Indosat Ooredoo Hutchison, and also from Tenaga Nasional Berhad, to really address this digital trust area. But Nurul, as you mentioned, and I think when we spoke with Dato Amaru, just actually two years back, even two years back, he talked about how CyberSecurity Malaysia has built out a talent pool, but people or other organization will keep poaching the talent itself. So that's a requirement to constantly build this talent, right? Shine, I believe in DICT and Philippines, right? There's also this very deep need to develop talent cybersecurity, because there's just not enough talent that are well versed in cyber security to go around, for all the enterprises, for all the government agencies, tell us what you're doing and maybe what are the areas that present the most urgent need for partners to come in to address. Right? So in the Philippines, we share similar issues with Malaysia that there is a lack of talent in Cybersecurity industry. So if you're looking at the certification for the ISC square, the CISSP, we only have around 300 less than a 300 CISSP, certified here in the Philippines, and most of them are not here in the Philippines practicing cyber security. They're also abroad practicing the cyber security. So there's we saw a gap in the demand of the supply of the professionals working in cybersecurity, as well as the demand that there is a very large demand for cybersecurity professionals, not only in the government, but also in the organization and the enterprise here in the Philippines as well. So what we are doing is we had the the National Cyber Security Plan of 2023 to 2028 and we have outlined the the people process technology issues that we have, and one of them is the cyber security workforce that we need to have our capabilities increase. So, under the plan, or the National Cyber Security Plan of the Philippines, one of the outcomes is that we need to increase our professionals. So it one of our strategies, or we have six strategies under the outcome two of the National Cyber Security Plan that we need to have established a ICT Academy under the DICT and institutionalize a Cybersecurity center of excellence, just just like Malaysia, we're We're looking at the models in the ASEAN. So we have a model from the Singapore. We also have a model for the Thailand. And then we also need to revise the index of the occupational services in the government. Somehow our Civil Service Commission here in the Philippines, they did not have the titles for the cyber security positions. So we need to revise the plan till the qualifications of for the standards for in the government, to include the cyber security career positions. And then, of course, we also do, we have also proposed the revised plantaria positions in the government, as well as we're also partnering with the local and international training providers to develop an online training and job matching platform for cyber security, AI and other emerging technologies just to be able to fulfill or to fill up the gaps in the cyber security workforce, and also under the National Cyber Security Plan of 2028 we also, we would like to look at on the possibility of providing partial and full scholarship for higher education students in cyber security, according to the laws here in the Philippines, and also one of our the annual we have an annual competition in in terms of for gov, it's a capture the flag competition, and we open this some competition to the universities here in the Philippines, just to be able to steer up their interest in cyber security. Thank you very much. Shine for sharing that. Well, I really like that how you have built a program to be engaging to the younger population that may be interested in cyber security, new rule pass in your experience, because what Shine is doing at DICT is to build Academy. You have already built Academy. Any key areas that you'll like to advise in terms of like, when you're building out the structure, what are some of the challenges and what are some of the areas one should focus on.

Nurul - CSM: 25:21

okay, from in Malaysia perspective, I guess with always about price, funding and things like that. So I guess that we know that a very established training provider in cybersecurity, such as sense Institute, for example, yes, training is very comprehensive and effective, but it's not affordable for everyone, especially, I believe in Southeast Asian countries, because of the currency in US. So the same goal. So what we are doing in Cyber Security Academy is basically to develop our own module, which is meet the requirement of the industry in that particular area, and to make it as affordable as we can. Okay, that's the the biggest challenge. And just like what Shine is doing, we are also trying to collaborate it with our university, to put the module as part of the module in their university level. And in fact, we are also expanding our services by actually exploring any grant of fund which can actually become a sponsor them, as that's the biggest challenge. We can actually, we, I was, we can commit in developing a lot of training modules, which is beneficial for everyone. But then there's a cause implication for that. I mean, we still need tools and all that. We need to pay the resources, okay, and to actually get the enrollment participant is quite high due to the price. So it's not we are. We are not only developing an affordable training and certification, but we are also helping them by exploring some grant of fund from the government, which can actually sponsor all those participants to actually attend our training. So basically, I don't know, perhaps it's different in Philippines, but that's the issue here, mainly here in Malaysia,

YY - AIBP: 27:58

Understand. So it's to take a more tailored approach and to really align to your local stakeholders, versus, like a commercial approach, right? Because if a commercial approach is like, what's the best way to maximize revenue. But I guess in this case, it is more of a national agenda. So how do you make sure that this is affordable in order to reach your goal of having 25,000 trained professionals in cyber security, understand that. Well, you know, we talked quite a bit about, I think, Nurul at the start you spoke about how there are more and more players in Malaysia setting up their local data centers, right? I'm quite curious in the Philippines itself, you know, we talk about data sovereignty, and I think the National Cyber Security Plan emphasize data sovereignty. So if I think about, let's say cloud solutions, right? Any advice for say, foreign companies who may be structuring, say hybrid cloud solutions to meet the local requirements, Shine?

Maria - DICT: 29:02

Okay. With the data sovereignty here in the Philippines, we have a Cloud First Policy that was issued by the DICT, and it talks about the data classification of the data we have the highly sensitive data, government data that would sit in the within the Philippines territory, and there, there is also an above sensitive government data, um, it could sit in the Philippines, but it could have a, should have a control, security assurance requirements that they have to to comply with. So also, we have some non-sensitive government data that it could sit anywhere else in the world, but they have also have to comply with the security assurance requirements. So one of the security assurance requirements that we require is to have an ISO IEC 27,001 Information Security Management, as well as if they're looking at on the E-commerce side, they should be, they should comply with the PCI data security standards just to be able to have their data accredited for the cloud, cloud service provider. And then there are several optional standards or control that it was specified in the Cloud First Policy of the Philippines to the DICT. Well and also there, there are also data privacy laws that the data or they have to look at on implementing their data localization here.

YY - AIBP: 30:59

Thank you very much, Shine for that overview of what companies should be looking at when they are looking to do create a hybrid cloud strategy. I like that it's cloud first. I think that it's very important for many of the companies right now that are looking to enter or grow within a new country, right? But if I go back to today's discussion topic, which is really about driving or building AI-driven resilience, right? Both of you, Shine, Nurul. You've been in the cybersecurity industry for very, very long, close to 20 years, over 20 years. AI has been a hot topic in the last two years, three years or so. It's not completely new, but I'm quite curious, in your experience, how has AI changed in terms of when we look at cyber resilience as a strategy within the organization, or within some of the enterprises that you speak with? Maybe you can start with Shine.

Unknown: 32:02

With the enterprises that we speak of, actually, when we are capacitating ourselves here in the Philippines, in the National Cyber National Computer Emergency Response Team, we look at some tools that it's capable of AI. So that our analysts would be able to to provide more focused on the more important tasks, rather than shifting all of those problems in one all of those threats and alarms for that. So we're looking at some COVID providers that could play us with the artificial intelligence that would help us to to sort out the mundane tasks, and then focused on on the more priority tasks that we have. So currently, what, what we're employing right now is we have some tools like IDS and IPS that is helping us in providing those shifting of the the tasks that would involve, as well as we're looking at on a one another service, we're looking at to have a service for risk management, how we're looking at employing an AI to be able to see the organization in a non intrusive environment that to look at their compliance in some of the standards. So AI would help us in automating those systems. And then we'll be focusing more on the more tasks to be prioritized, and more prior prioritized tasks and more more important, important tasks to be resolved.

YY - AIBP: 34:02

Understand. So AI can help in really prioritization of the many, maybe threat detections that you may see. Right? What do you deal with? First, what is of highest priority? For you, Nurul, at Cyber Security Malaysia, how have you seen AI play a part in your cyber resilience strategy?

Nurul - CSM: 34:23

Okay, um, just to echo what Shane has mentioned just now for us, yeah, it's now widely used in the SOC, especially in Security Operation Center, because I think the usage of AI or tools which are AI embedded is very much appreciated and much helpful, because they can actually help to solve the level one of all the SOC analyst activity. So it leave the analyst, which just a more advanced analysis to be done conducted than just like a day to day, or just like a typical log analyst, is a level one activities. So with that, I mean, we can focus more on upscaling the analyst to become very expert in that area. Compared to previously, they have to, like, go through logs. It's really a time consuming, for example. So AI has half SOC operation to become more efficient and more I could say the optimization of SOC itself. But other than that, we also saw the increased number of usage of AI in digital currency previously. It's like previously, we are doing all the extractions, and then you have to do like some Forensics Analysis manually. It has to be conducted by the DF analyst themselves. But now each AI has helped to expedite that, because we know those in digital forensics, they know that it takes time to do data extraction, that's only the first level, and then for the analysis itself, especially if it involve a large size of data, so it require longer time. That's why we found that it's not unlike those in CSI series, where they can actually settle everything in one day or one hour. It took us sometimes almost one month to actually come out with a conclusion that. So in digital forensics, AI are used or improve in malware analysis, e-discovery and also advisory AI defense mechanism. So I believe that it actually be more helpful, because there's less we is not to reduce the interference of analysts themselves, but actually it reduce the time and make it more efficient and optimize whatever resources we have. And with that, we can actually develop, generate, build more capability, more competence, and more I would say, like advanced capability in the operation area.

YY - AIBP: 37:44

Understand, you're right. If there was a CSI series that shows the real scenario of it being solved, I don't think we want to watch something that spends over a month, right? So it's always sped up in order to drive the dramatic content. Well, when we talk about drama, I think all of us have heard about Deep Seek, you know, really overtaking. And maybe the question is not specifically about Deep Seek, but rather when it comes to innovative technologies and really the users utilizing it, right? I think for Deep Seek, when it first came into the news, it was about how powerful it was with using very little resources. But very soon there was a discussion about how there was many cyber security concerns that was revealed. Right? So I'm quite curious within your organization itself, how do you manage all this emerging technology when it could pose a threat in to the national say, digital ecosystem itself, um, perhaps maybe walk us through some of like, what has happened when chatGPT came into play? What did the organization do in order to manage new emerging technology. Shine, do you want to start first?

Maria - DICT: 39:07

Actually, in the Philippines, we're committed, or we're open into a utilization of AI for development, actually, one of the department here the Philippines, the trade and industry has developed an AI roadmap focusing on the areas of digitalization and infrastructure, research and development, workforce, development and regulation, and then on the Senate, the legislative agenda of the Philippines, there are several House bills already that was this word filed through the Senate and the House. So they actually, on the house, on the House of the Representatives, rhey have filed in house bill on establishing a regulatory framework for robust and reliable, trustworthy development application of artificial intelligence. And to create a Philippine Council of artificial intelligence determinating the roles of the virus government agencies and in the Senate, one senator has filed a to provide an artificial intelligence training program for government workforce, also within the university or in the academe, we also embrace the use of AI, but there is a principle behind under the responsible and the trustworthy use of the AI intelligence. So one of the universities here in the Philippines, the University of the Philippines, as well as the Polytechnic University of the Philippine has issued several policies already on the responsible use of artificial intelligence. So somehow, the Philippines has been embracing this digital transformation of using the AI and and we hope that by using this AI, we're responsible enough to be able to use this in a good in good use, rather than in bad source.

YY - AIBP: 41:13

And Nurul, I believe cyber security, or should I say, Malaysia, has actually set aside really large budget, I think it was 421 billion ringgit budget for AI cyber security. How does that actually shape R&D opportunities, say, for foreign tech companies, right, looking to come in and support this emerging tech landscape.

Nurul - CSM: 41:37

Okay, best. Basically, in Malaysia, we have just launched the National AI Office end of last year. Okay, it's an actually a central authority to manage AI, and we are so happy that they have bring along on board Cyber security Malaysia to actually assist them. Okay, the role of these is basically first to come up with a guideline on ethical usage, ethical development on AI means that so far, there's no international standard on that. We have some countries we have just established or a launch, or the policy on AI, for example, but there's no ISO on that yet. So far, so we are helping them in developing the guidelines for ethical usage of AI and also the ethical development of AI. But in terms of research, part in cyber security is of we have a security testing lab. We have to so now we are in the midst of doing some research and development in developing a testing module to test, to actually test the security of the AI means that it has to be tested, right? I mean everything, the technique, part of it, the content of it. So basically, cyber security Malaysia, we are now developing it. So we hope that we can launch it soon as possible, where the importance of this testing is basically to ensure one is, is, is another activity or initiative under our digital trust initiative is actually to ensure the the security, the integrity and the reliability of the AI, because that's the main concern, Right? Because everyone from the youngest to the elders are actually using AI in their daily activities. So basically, we think that is one of our responsibility to ensure that it's secure. How to ensure is to test it. So we hope that we can have the testing to conduct the testing as soon as possible. Yeah, and of course, we are also the government is, have they have a lot of initiative, as mentioned, they have spent because they want, part of it is that to to conduct the security. So basically, we are also partnering up with some of a solution provider in identifying what is the best mechanism in conducting the task, for example, and what kind of AI solutions available in the market that we need to capture, that are that are be used in Malaysia, that are be embedded in Malaysian system, for example. So we need to partner up with the solution providers so that we can know better about the product or solutions then only we can actually focus or identify. What are the threat associated to that? Because different, different AI, they train it differently, right? They are built differently. So it's obviously a different threat for each and what are the risk associated to the usage of it, for the development of it? So that is basically what we are looking at now in established communication.

YY - AIBP: 45:23

Thank you so much, Nurul. Well, we have some questions from the audience itself, and perhaps this question, I will direct it to Shine first. The audience, Suraya Hani Ahmadzaki is curious with regards to, how do you test, say, the new AI technology coming to DICT, how do you do, like, say, a product testing for products coming from overseas to be implemented in Philippines itself.

Maria - DICT: 45:53

So on our capacity to test the products, we usually do proof of value or proof of concept just to be able to test the product. Currently, what we have now is we do not have the the testing laboratory, just like palatial, but we're we're looking at establishing a testing center for some of the IoT devices that we have, so there will be a certification process, as well as the voluntary labeling of the IoT devices for AI. We're still looking at the capability we need to to increase our capabilities in understanding the problems and issues of the AI, so that we can be able to have the leverage, just like Malaysia, to have more robust technology, moving forward in implementing the AI as well as securing its ethical use and responsible use of this, this, this technology.

YY - AIBP: 47:10

Thank you very much, Shine. Well, to you, Nurul, I think the question is, with regards to how do, how does cyber security Malaysia ensure, like, full compliance of government entities to secure public service systems? So an example given is, let's say the Ministry of Education is planning to develop a new e learning platform for Malaysian students. How does the project Digital architecture? How does it go through, like, the security review before development, and then, like, the proper pen test before deployment or going live. How does that work? This question is from Muhammad Hafez Bin Rosli.

Nurul - CSM: 47:48

Okay, thank you for the questions. Okay, basically, Cybersecurity Malaysia, we don't really have, like, sub enforcement power, for example. So all this while, we can say that we have to proactively do things. So in term of that, the implementation to to ensure the the security of the E-learning system, for example, what we have we, what we have did is we come out with a lot of guidelines. Okay, on SDLC and on a lot of other things in the system. So it's publicly available, and we actually share it with all the ministries, for example, and the other audience as well. And the other thing is we are also always promoting our certification, like ISO 27,001, we even get amended, but we even get the, what we call a decision. We successfully what we can say influence the Minister to actually make a compulsory in their tender paper, from the beginning. So and proactively as well, we are also sharing threat intel information with the agencies like a government domain, so we keep monitoring it. If you find anything, we will actually notify everyone. We come out with a localized custom advisories shared with all the agencies, the the government agencies. So basically, because we cannot, we have been pushing it so and still continuously trying to get, like some mandate in terms of policy, to put it officially in any of the procurement paper, for example, because it should be include, included in that, right? So, but we are still continuously doing it, but I guess upon time, because different ministry has different structure and different processes, so that's quite a challenge for us, but we are doing all the best that we can from our capacities. So, that is through our proactive activities. Okay, I hope. But like what the question mentioned when we are promoting like we are, we are coming out with a awareness program on you need to conduct vulnerability assessment towards the system prior deployment, for example. But we ensure we have the capability in doing that. We are not only proposing it, but we have the capability in doing that. So like whenever we are proposing it, and then they say that, okay, cyber security ministry, please help to actually do some VAPT towards our system. We are happy to do that, because we are. We have the capability in doing that.

YY - AIBP: 51:08

So it's not just talking about it, but you actually have the capability and the capacity to help to do that, take that necessary action, to help the government agency or the ministries involved. And I hope that also, there was one more question from Alvin Thumb with regards to what, what the organization should adhere to if there's a lack of awareness and training. So I guess the very simple answer is, they can reach out to you, because cyber security would be the, maybe the central coordinating agency, and then if you have insufficient resources, you can also reach out to Cyber security Malaysia, because of National Agenda, you'll be able to help them with that.

Nurul - CSM: 51:50

Just to add up that way why. Okay, I'm so I love to speak about awareness, because we have a very good awareness program and content which are actually for free and publicly available through our website. You can just access it at cyber group, cyber safe.my. Okay, there's a lot of that. There's poster there, quizzes, games, to actually get a different level of audience so you are most welcome to just download everything that is for free. So if, let's say, you want to organize a awareness campaign in your organization, like perhaps you can start with email, casting some posters or awareness email, you can just copy it. You can just whatever we have there.

YY - AIBP: 52:41

Yeah, I believe our team just sent the link to everyone via the chat function, so you can also access the link from here and download the resources that you need in order for your own organization use. We are coming to the end of today's discussion, and I just want to wrap this up by looking into maybe the top three cyber security areas that the country is focusing on, right because there are so many different areas we spoke about the growth of like, say, AI and emerging technologies. But from your perspective at DICT, at the Cyber security Malaysia. What's the top three cyber security areas that Malaysia and the Philippines is focusing on? Maybe we can start with you, Shine.

Maria - DICT: 53:30

One of the focus that we have right now is to implement the National Cyber Security Plan of 2023-2028 implementing that it's it entails the people process technology framework. So we're looking at in the capacity building of our workforce, as well as we're looking at to pass on the policies and laws in cyber security to strengthen up or to anchor those policies in in effect, to the the National Cyber Security Plan. As well as we look, we're looking also to update ourselves or to capacitate ourselves in the technology aspects of the cyber security so in terms of technology wise, we have to secure our national backbone, our our the the government backbone, as well as our submarine cables, those PPEs that we need to secure our critical infrastructures. So that's the three, I think that's the three issues, and the challenges that we need to address prior to this implementation of the National Cyber plan

YY - AIBP: 54:54

Is that a timeline with regards to the regulations and the policies?

Maria - DICT: 54:58

Um, where did. With regards to the policies we're looking at, or we're coordinating with the House of the Representatives in the Senate and our Senate to pass on the cyber security bill that would expand the operations of the Cyber Security Bureau of the DICT, as well as to capacitate ourselves with regulations, regulation, regulatory powers. So hopefully we're some, some representative House of Representative, and a senator would be able to sponsor the hearing for the National Cyber for the cyber security bill.

YY - AIBP: 55:48

Understand. Thank you very much, Shine. How about yourself? Nurul, what are the top three areas for Malaysia? So many to choose from right? How to select only three? Sorry, no, you're on mute.

Nurul - CSM: 56:11

Sorry, um, top three, um, I think that's the recent emerging technology that we have, like, like cloud security, AI and now we are more and more on OT, OT security as well. So I guess that it is the things that we need to address accordingly from our part. So when, we mentioned address is not only like to identify, is the whole process right in identifying the risk, the threat and all that, and later on, how to solve it, how to make sure organizations are resilience against it, and what are the capability that are required to ensure you can protect against all of those. So it's basically, it always go back to the PPT - People, Process and Technology in handling it. So I guess that even in our recently, last year, enforced the Cyber Security Act, the act of 854, with cater all. I mean is yeah is only for the critical infrastructure of the government of the country, but it will be expanded to, I mean, to another scope later. So I believe that is good for everyone to actually develop the resilience initiative by using that, by using whatever the requirements regulated in the act, so it's good to develop it by making a reference to that requirements.

YY - AIBP: 58:10

Thank you very much, Nurul. Well, Nurul spoke about ot I think earlier we talk about digital trust with that, I'd like to thank today's stakeholders for spending their time with us and giving everyone on the call a deep insight into what the country, Philippines and Malaysia, is doing with driving AI cyber resilience within the country itself. Well, tomorrow we'll be looking at the evolution of digital trust in the age of AI. We will also have a real rahib from Tenaga Nasional Berhad, and in our previous discussion with their CIO Azlan, he mentioned about how OT security is actually of very high importance to the organization. He will be joined together with Indosat and also AXIATA , who will be looking into strategies of how you can drive digital trust in the age of AI. Going further into today's discussion, taking the enterprise perspective, well, we spoke about how you can join our activity. So this is one way where you can scan to register for tomorrow's session, but if you're interested to connect with us in person or be part of our other activities, this is some of the activities that you can look forward to. So as of now, we are looking for Lighthouse projects for our AIBP Innovation Awards. So if you are enterprise, or if you know of an enterprise who have embarked on a digital transformation effort and have seen incredible results that can be skilled and can act as an advocate for digital transformation in Southeast Asia. Uh, please do share their case studies. We'll be sharing the link on the site where you can submit a nomination on their behalf or on behalf of your own organization. In the second half of the year, in July, 9 and 10th, we will be having our AIBP Conference & Exhibition in Malaysia. And similarly, we'll be doing the same in September, 23 and 24th in the Philippines itself. So this are our largest activities, where we gather about 400 to over 500 stakeholders within the country itself to talk about topics around cyber security, AI, future work, tech for ESG and other specific discussions in each of the industries. With that, I would like to thank you for your time today. Appreciate your insights. Nurul and Shine, and it's been a pleasure to have both of you on this session with us. I'd like to close off this session by inviting both of you for a virtual picture. So if you could just look into the picture, into your screen camera, and we'll take a quick picture. 123, thank you very much. And to all our audience, I hope you had your questions answered, and if you're interested to ask any more questions, do reach out to our team at AIBP, and we'll direct the questions to you. Thank you very much, Shine. Thank you very much, Nurul.

Unknown: 1:01:37

So much for having us.

Nurul - CSM: 1:01:40

Thank you, everyone. Sorry again.

YY - AIBP: 1:01:43

No problem. It was important. It was used for good cause, and screaming your favorite band, right? Oh, my God,

Nurul - CSM: 1:01:52

thank you. Bye

YY - AIBP: 1:01:54

take care. Bye, bye.

Unknown: 1:01:57

We hope you've enjoyed the episode. For more information about business growth in the ASEAN region, please visit our website@www.aibp.sg you.