Rear Admiral Mohd Fadzli Kamal, Defence Cyber and Electromagnetic Division (DCED) Director-General
ORDNANCE and ammunition made up of zeros and ones are just as lethal in the 21st century – they are silent, invisible and move at lightspeed. Cyber threats exist due to the advances in digital technology and borderless communications, with various nefarious parties constantly attempting to execute cyber and electromagnetic threats which can endanger the national security of a country as well as its sovereignty.
While countries continuously improve and innovate on their defence systems and equipment, equal importance and investment must be placed in the cyber realm and ensuring robust, defensive (and if need be, offensive) capabilities. Although cyber means of warfare and cyber crimes are dissimilar in intentions, they are sometimes spoken in the same breath. To counter them there must be a whole of government approach and cooperation with the commercial sector, along with international interactions. The Ministry of Defence Malaysia’s Defence Cyber and Electromagnetic Division (DCED) Director-General, Rear Admiral Mohd Fadzli Kamal Mohd Mohaldin, speaks to the Asian Defence Journal on its approach to enhance Malaysia’s cyber resilience.
ADJ: The DCED plays a crucial role in safeguarding the Malaysian Armed Forces’ (MAF) varied operational capabilities in the cyber and electronic warfare realm. Can you elaborate on how the DCED ensures seamless integration and information sharing with the Army, Navy and Air Force?
DG-DCED: We are strengthening a unified command-and-control structure and constantly improving cyber defence protocols through what is known as the Network Security Monitoring Operation Centre (NESMOC). Advanced monitoring systems are used to connect and monitor the Tri-Services Secured Network. These systems ensure that all branches have access to the same threat intelligence and can coordinate their responses effectively.
Through common cybersecurity frameworks, the division implements standardised cybersecurity frameworks and protocols across all branches of the MAF. This ensures that there is a consistent approach to cyber defence, with all units following the same procedures for threat detection, incident response and recovery.
This is further backed up by regular compliance checks and audits are conducted to ensure that all branches adhere to the established cybersecurity standards. This helps maintain a high level of cyber hygiene across the entire MAF.
ADJ: Building a culture of cybersecurity awareness is essential. How does the DCED promote cybersecurity awareness and best practices within the MAF and among the Malaysian public?
DG-DCED: This important aspect is conducted via training and education programmes. In regular cybersecurity training, we conduct mandatory cybersecurity training sessions for all MAF personnel. These sessions cover topics such as recognising phishing attacks, securing personal devices and safe internet practices.
Through advanced cyber training, specialised training programmes are offered for personnel in key roles, such as IT staff and cybersecurity teams, to ensure they have the necessary skills to defend against sophisticated cyber threats.
We also conduct and engage ourselves through public awareness campaigns such as roadshows: The DCED works together with the National Cyber Security Agency (NACSA), CyberSecurity Malaysia (CSM) and Yayasan Digital Malaysia (MyDigital) to promote awareness about cybersecurity among the public. This initiative includes workshops, seminars and an extensive online presence to educate citizens about safe online practices.
Through collaborations with educational institutions, we are involved in cybersecurity curriculum development: The DCED has encouraged universities such as Universiti Teknologi MARA (UiTM) and Universiti Pertahanan Nasional Malaysia (UPNM) to integrate cybersecurity education into their curricula. This includes developing modules and courses on cybersecurity fundamentals and emerging threats. “Siber Siaga 2024” is the best manifestation of this initiative.
ADJ: Building a robust cyber defence requires a multi-pronged approach. Can you elaborate on the strategies the DCED employs to enhance Malaysia’s cyber resilience?
DG-DCED: Participation in international cybersecurity partnerships and forums enables Malaysia to stay updated on global cyber threat trends and strategies. It also facilitates the sharing of intelligence and best practices with other nations, enhancing collective cybersecurity efforts.
NACSA: The DCED works closely with NACSA, which coordinates the nation’s cybersecurity efforts across different government sectors. This partnership ensures a unified response to cyber threats and promotes the sharing of best practices and threat intelligence. The Cyber Security Bill 2024 passed recently by the Malaysian Parliament aims to establish a robust regulatory framework to protect Malaysia’s cyber landscape, particularly its critical information infrastructure, against evolving cyber threats.
Coordination with law enforcement agencies is also very important here. Collaboration with the Royal Malaysian Police and other law enforcement agencies is crucial for investigating and mitigating cybercrimes, enhancing the overall security posture.
The DCED also engages with private sector companies, particularly those involved in critical infrastructure, to develop and implement advanced cybersecurity measures. This includes sharing threat intelligence, conducting joint cyber drills, and fostering an environment of continuous improvement in cybersecurity practices.
Cybersecurity frameworks: Implementation of industry-standard cybersecurity frameworks, such as the NIST Cybersecurity Framework, helps ensure that both public and private entities adhere to best practices in managing cyber risks.
ADJ: What about emerging technologies like artificial intelligence and quantum computing that have implications for both offensive and defensive cyber capabilities? How is the DCED preparing for these advancements and ensuring the MAF stays ahead of the curve?
DG-DCED: We do this through collaborations with technology partners both at the local and international levels, and also via capacity building and training.The DCED partners with international cybersecurity organisations and tech companies to stay updated on the latest advancements in AI and quantum computing. These partnerships facilitate the exchange of knowledge, technologies and best practices.
As for local industry engagement, collaborations with local tech companies and start-ups are encouraged to foster innovation and the development of indigenous technologies. This helps build a robust ecosystem capable of addressing unique national security challenges.
We stress on capacity building, and again, specialised training programmes for MAF personnel on emerging technologies. These programmes cover the practical applications of AI and quantum computing in cybersecurity, ensuring that personnel are equipped with the necessary skills to leverage these technologies effectively.
Continuous learning initiatives, including workshops and seminars, are organised to keep MAF personnel updated on the latest technological trends and advancements. This ensures ongoing skill development and preparedness.
ADJ: As the cyber and electromagnetic threat landscape is constantly evolving, what are the most significant emerging threats facing Malaysia’s defence systems, and how is the DCED adapting its strategies to address them?
DG-DCED: The most significant ones are ransomware and AI-powered cyber threats: Ransomware remains a prevalent threat, becoming more complex and collaborative among cybercriminals. AI is being increasingly utilised by threat actors to enhance phishing attacks and develop malicious large language models capable of generating fake news, misinformation in the information domain of hybrid warfare and, in conducting cyberattacks. DCED strategies to counter them include:
a. Cyber defence cooperation: Malaysia actively participates in ASEAN’s defence cooperation initiatives, which focus on enhancing cybersecurity through collaboration and shared expertise among member states.
b. National Military Strategy 2.0: This strategy aims to guide the Malaysian Armed Forces in preparing for future threats by updating asset criteria and ensuring robust defence systems are in place for the next five to 10 years.
c. Comprehensive defence: The DCED contributes to the concept of Comprehensive Defence, a strategic pillar of Malaysia’s defence strategies. This involves cross-sector collaboration among government agencies, industry players, academia and the cyber community.
d. Organisational structure: The Division is being restructured to enhance collaboration with regional and global defence organisations. This alignment ensures a coordinated response to cyber and electromagnetic threats, and,
e. Robust cybersecurity measures: To safeguard critical infrastructure and sensitive data.
ADJ: Cybersecurity expertise is in high demand globally. How does the DCED attract and retain top talents, and what training programmes are in place to develop a skilled cyber workforce within the MAF?
DG-DCED: We offer competitive benefits, and career advancement opportunities to attract top talent. This includes unique benefits such as specialised training, opportunities for international collaboration and the prestige of serving in a critical national security role.
Collaboration with leading universities and technical institutions to create tailored cybersecurity programme helps attract young talent. These partnerships often include scholarship programs, internships and guaranteed job placements for graduates. Establishing internship programmes allows the DCED to identify promising talent early on. Interns can gain practical experience while contributing to the organisation’s mission.
To retain talent, we recognise outstanding performance through awards, promotions and public acknowledgment fosters loyalty and commitment. The DCED emphasises on-going professional development through advanced training programmes, certifications and opportunities to attend international cybersecurity conferences and workshops. This ensures that all personnel remain at the cutting edge of cybersecurity knowledge and practices.
Creating a supportive and dynamic work environment that encourages innovation and collaboration helps retain skilled professionals. The DCED fosters a culture of continuous learning and values the contributions of its cyber workforce.
As for training programmes involving military and cyber exercises, regular participation in national and international cyber exercises helps personnel develop practical skills in a simulated environment. These exercises provide valuable experience in responding to real-world cyber threats and enhance the operational readiness of the DCED.
Personnel are encouraged to obtain industry-recognised certifications such as Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH) and others. These certifications validate their skills and knowledge in specific areas of cybersecurity. Specialised training in advanced threat intelligence and analysis prepares personnel to identify and mitigate sophisticated cyber threats. This training often includes collaborations with international cybersecurity experts and agencies.
ADJ: Cyber threats are transnational. How does the DCED collaborate with international partners to share intelligence, best practices and conduct joint exercises to improve regional cybersecurity?
DG-DCED: Malaysia has established bilateral and multilateral agreements with various countries to facilitate the exchange of cyber threat intelligence. These agreements ensure that Malaysia receives timely and actionable information about emerging threats, enabling a proactive defence posture.
The division aligns its cybersecurity practices with international standards and frameworks, such as those developed by the International Organization for Standardization (ISO) and the National Institute of Standards and Technology (NIST). This alignment ensures that Malaysia’s cybersecurity measures are on par with global best practices. We regularly participate in and host international workshops, seminars and conferences. These events provide platforms for discussing cybersecurity challenges, sharing solutions and learning from global experts.
We also take part in regional and international cyber drills, such as the Defence Cyber Marvel 2024 organised by the UK, and Cobra Gold 2024, co-chaired by Thailand and the US.
ADJ: Public-private partnerships are increasingly important in cybersecurity. Can you describe any existing collaboration with private sector companies to leverage their expertise and technology for national defence?
DG-DCED: We collaborate with three government entities involved in cybersecurity. The Malaysia Digital Economy Corporation (MDEC) fosters partnerships between the government, private sector and academia to advance the cybersecurity industry in Malaysia. These collaborations focus on developing cybersecurity talent, promoting innovation and enhancing the overall cybersecurity ecosystem.
CSM, an agency under the Ministry of Science, Technology and Innovation (MOSTI), collaborates with various tech companies such as Microsoft, Cisco and FireEye. These partnerships involve sharing threat intelligence, conducting joint cybersecurity exercises and developing advanced security solutions. CSM works with private firms to promote public awareness campaigns on cybersecurity best practices. These campaigns aim to educate the public and businesses on how to protect themselves from cyber threats, thereby enhancing national cyber resilience.
The National Cyber Coordination and Command Centre (NC4) collaborates with private cybersecurity firms to facilitate real-time sharing of threat intelligence. This cooperation helps in the early detection and mitigation of cyber threats, ensuring a swift response to potential cyber incidents. Private companies assist NC4 in incident response activities by providing expertise and advanced tools to manage and resolve cybersecurity incidents efficiently.
ADJ: Is the DCED working with Malaysian defence industries to encourage the development of indigenous cyber defence capabilities and technologies?
DG-DCED: Telekom Malaysia (TM), a major telecommunications provider, operates and provides comprehensive cybersecurity services to both public and private sectors through its Cyber Defence Operation Centre (CDOC). The centre offers services like threat monitoring, risk assessment and incident response, contributing significantly to national cybersecurity efforts. TM collaborates with government agencies and international cybersecurity firms to conduct research on emerging cyber threats and develop innovative security solutions.
ADJ: As the cyber threat landscape evolves, what is your vision for the future of the DCED and its role in safeguarding Malaysia’s national security in the digital age?
DG-DCED: The vision of the DCED is to emerge as a leading authority in cyber and electromagnetic operations. The MAF aim to be recognised as a credible and formidable force in this domain, aligning with the objectives outlined in the Defence White Paper (DWP) and the 4DMAF transformational plan.
ADJ: The CyberDSA conference and exhibition has established itself as a leading regional platform for cybersecurity collaboration. How does the DCED view CyberDSA’s role in advancing Malaysia’s cyber defence capabilities and fostering international cooperation in this critical domain?
DG-DCED: CyberDSA brings together leading cybersecurity experts, technology providers and innovators. This allows the DCED and other Malaysian defence entities to stay abreast of the latest advancements in cyber defence technologies, tools and methodologies, which can be integrated into national defence strategies.
The conference serves as a forum for exchanging knowledge and best practices among participants from various countries. This sharing of expertise helps the DCED enhance its own cyber defence strategies and operational procedures. CyberDSA facilitates the establishment and strengthening of international partners. Through networking opportunities, the DCED can collaborate with foreign defence organisations, cybersecurity firms and international bodies to enhance collective cyber defence capabilities.
The conference provides a platform for planning and executing joint cybersecurity exercises and collaborative projects. These initiatives improve coordination and interoperability between Malaysia and its international partners, enhancing regional and global cybersecurity resilience.
CyberDSA offers a stage for Malaysian companies and institutions to showcase their innovations and solutions. This not only boosts the profile of local cybersecurity initiatives but also attracts potential international investors and collaborators. Insights gained from discussions and presentations at CyberDSA can inform national policy and strategy development. The DCED can leverage these insights to refine Malaysia’s cybersecurity frameworks and ensure they are aligned with global standards and trends.