Towards a secure and sustainable Critical Information Infrastructure (CII) – Policy & Legal Frameworks

By: Sonny Zulhuda

Above is the title of my paper that has been approved for presentation at the International Symposium on Social Management Systems (SSMS 2010) to be held in March this year in Kochi, Japan. The abstract reads as follows:

The increasing reliance of critical infrastructures (such as those operating the national communications, energy, transport, and defence systems) on a computerized and networked environment imposes an enormous security task for both their operators and users. The fact that attack to critical infrastructure is not merely an ordinary criminal matter but rather an issue of national security makes it more urgent for policy-makers to come up with policies or laws addressing various issues ranging from information sharing to public-private cooperation, from technical solutions to security procedures, and from public awareness to law enforcement.

Looking at the scope it covers and the role it plays, the law on critical information infrastructures is so critical not only because it is part of national security measures, but also because the law may well determine the level of national readiness for landing a global investment. This is true because major business processes are now dependent on the secure information technology tools and networks. The biggest task ahead for policy-makers is therefore to prepare the best legal framework to protect the country’s critical information infrastructure and, at least, to manage and minimise the security risks that surround a networked environment.

This paper hypothesizes that security risk management of the critical information infrastructure can not be effectively sustained without a comprehensive framework that consists of, among others, good policies and legal framework. In Malaysia, the legal framework on CII can be found in several pieces of legislation. This paper seeks to discuss the role of the law especially on the restriction of access to and movement in the perimeters of CII as well as the law on computer and network security

KEYWORDS: critical information infrastructure, legal framework


  1. Salam Dr. Sonny,

    Congratulations for your recent doctoral title! Alhamdulillah. I am proud of you.

    I hope your presentation went well. Do share with me the insights when the time comes.


  2. Salam Bro. Noris..
    Thank you very much for your kind note. The presentation went very well and I spent some extra days to explore Japan too. The issue on law on CII has not been much explored by anybody else in general, let alone in Malaysia. I guess it is another wide research area to embark on. Thank you for keeping in touch. I also heard about your forthcoming presentation on cloud computing in UK, that’s is a very interesting topic! Am also looking forward to having your sharing session in MMU. Will be in touch with my colleagues about this. All the best Bro!


  3. s.a. Doctor.
    I am doing PhD at Um. My topic is also related to CIIP. Maybe we can share ideas. I would like to get your suggestions on my topic. I’m still at early stage of the research. Which university are you working right now? In Malaysia?
    Terima kasih..

    1. Dear Orhan, thank you for your messages. Sorry for delayed reply. I’m now attached with IIU’s law faculty. Yes my phd was on law of info security where I also discussed on CIIP in Mlysia. Your choice on this area is excellent bcs it’s a niche area unexplored but rich of issues. I’m happy to share on this. For further discussion please e-mail me at Rgds.

Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s