By: Sonny Zulhuda
Above is the title of my paper that has been approved for presentation at the International Symposium on Social Management Systems (SSMS 2010) to be held in March this year in Kochi, Japan. The abstract reads as follows:
The increasing reliance of critical infrastructures (such as those operating the national communications, energy, transport, and defence systems) on a computerized and networked environment imposes an enormous security task for both their operators and users. The fact that attack to critical infrastructure is not merely an ordinary criminal matter but rather an issue of national security makes it more urgent for policy-makers to come up with policies or laws addressing various issues ranging from information sharing to public-private cooperation, from technical solutions to security procedures, and from public awareness to law enforcement.
Looking at the scope it covers and the role it plays, the law on critical information infrastructures is so critical not only because it is part of national security measures, but also because the law may well determine the level of national readiness for landing a global investment. This is true because major business processes are now dependent on the secure information technology tools and networks. The biggest task ahead for policy-makers is therefore to prepare the best legal framework to protect the country’s critical information infrastructure and, at least, to manage and minimise the security risks that surround a networked environment.
This paper hypothesizes that security risk management of the critical information infrastructure can not be effectively sustained without a comprehensive framework that consists of, among others, good policies and legal framework. In Malaysia, the legal framework on CII can be found in several pieces of legislation. This paper seeks to discuss the role of the law especially on the restriction of access to and movement in the perimeters of CII as well as the law on computer and network security
KEYWORDS: critical information infrastructure, legal framework