Enhancing Malaysia’s cyber defence strategy: Role of the Armed Forces
In the digital age, cyberspace has become a critical domain of warfare where state and non-state actors engage in conflicts beyond traditional boundaries. Malaysia faces increasing cyber threats that endanger national security, the economy, and society.
Sophisticated cyber-attacks now target information infrastructure, making cybersecurity essential in protecting personal information, financial data, and intellectual property. The Malaysia National Security Policy (2021-2025) emphasises the need for robust cyber defence to safeguard the nation’s sovereignty.
The need to improve Malaysia’s cyber defence strategy stems from the growing threat to critical information infrastructures. The National Cyber Security Agency (NACSA) reported a surge in cyber threats in the first half of 2024, including data breaches, ransomware attacks, and cyber espionage.
Additionally, geopolitically motivated cyberattacks, such as China’s activities in the South China Sea, threaten Malaysian sovereignty. This rising complexity of cyber warfare necessitates a resilient and adaptive cyber defence strategy.
Recognising these growing threats, the Malaysian Armed Forces has integrated cyber defence into their broader operational strategies, working closely with NACSA and other agencies to coordinate the nation’s cyber defence. The Armed Forces role aligns with global trends where military forces increasingly support national cybersecurity efforts. The Russia-Ukraine conflict has demonstrated the importance of pre-emptive measures in countering cyberattacks that precede or coincide with military actions. However, Malaysia’s current cyber defence framework still faces significant challenges in addressing sophisticated threats from state actors.
The Armed Forces is crucial for enhancing Malaysia’s cyber resilience. Its intelligence, surveillance, and reconnaissance (ISR) capabilities can be leveraged to detect and respond to cyber threats in real time. Additionally, the MAF collaborates with civilian agencies and the private sector to foster a Whole-of-Government and Whole-of-Society (WOGOS) approach, ensuring comprehensive cybersecurity readiness across all sectors.
Globally, cyber threats are diverse and sophisticated, involving state-sponsored attacks, cyber espionage, and cyberterrorism. Russia’s 2022 cyberattacks on Ukraine, which disrupted infrastructure, government, and financial sectors, exemplify the scale and impact of modern cyber warfare.
In response, Ukraine strengthened its cybersecurity through collaboration with the North Atlantic Treaty Organisation (Nato) and the European Union (EU), emphasising the importance of international partnerships in mitigating cyber threats. Similarly, the MAF collaborates within Asean through the Asean Cyber Defence Network (ACDN), which aims to enhance regional cyber defence capacities.
In Malaysia, cyber threats are escalating, with incidents like the WannaCry ransomware attack affecting critical systems. The region faces significant challenges, such as data breaches and phishing attacks, which have increasingly targeted financial institutions and exposed critical vulnerabilities in both the public and private sectors.
To effectively mitigate these risks, Malaysia must enhance its cyber defence capabilities and foster stronger cooperation at both regional and international levels. This approach will enable more robust collective responses to evolving cyber threats and protect the nation’s critical infrastructure and digital economy.
Malaysia’s National Cyber Security Policy (NCSP), established in 2006, serves as the blueprint for protecting the nation’s critical information infrastructure. The policy emphasises governance, incident response management, and capability development. The Armed Forces complements this framework by providing strategic and operational support, integrating military cyber defence capabilities with national efforts. Additionally, the Armed Forces plays a key role in developing cyber defence human capital, contributing to a more resilient cyber environment.
The Armed Forces has made significant strides in strengthening its cyber defence capabilities. The Defence Cyber and Electromagnetic Division (BSEP) was established to demonstrate Malaysia’s commitment to addressing cyber threats in defensive and offensive capacities. The BSEP oversees the Cyber Defence Operations Centre (CDOC), which coordinates military cyber defence activities and ensures the resilience of military networks.
The Armed Forces efforts are supported by the Future Force Directive 2024, which envisions reconfiguring Malaysia’s warfare architecture, especially in the cyber and electromagnetic domains. This strategy includes upgrading technological assets such as firewalls and encryption solutions to defend against hacking, malware, and cyber espionage. Additionally, Malaysia’s participation in Asean initiatives, including the Asean Cybersecurity and Information Centre of Excellence (ACICE), enhances its regional collaboration on cybersecurity.
The Armed Forces faces several challenges in developing a robust cyber defence strategy, including outdated infrastructure, rapid technological change, and a skills gap. Many of the Armed Forces systems were inherited from conventional warfare and may not be fully optimised to counter modern cyber threats. Upgrading these systems requires significant investment in hardware, software, and personnel.
Furthermore, adversaries’ rapid evolution of offensive cyber capabilities adds complexity to the MAF’s defensive strategies. The skills gap remains a significant issue, as the military struggles to attract qualified personnel who often seek more lucrative opportunities in the private sector. Training programmes and capacity-building initiatives are essential to overcoming this challenge and ensuring the Armed Forces remains competitive in cyberspace.
Inter-agency cooperation and public-private partnerships are crucial for enhancing Malaysia’s cyber defence. Effective collaboration between the Armed Forces, NACSA, and other civilian agencies can foster real-time responses to cyber incidents. International cooperation through Asean platforms like the ACDN further strengthens Malaysia’s cybersecurity by sharing best practices and conducting joint military exercises.
Malaysia should adopt a multifaceted approach that includes policy updates, technological advancements, and collaboration to enhance its cyber defence strategy. Drawing from best practices, Malaysia could develop a comprehensive doctrine outlining its stance on offensive and defensive cyber operations, similar to the US Department of Defence’s 2023 Cyber Strategy.
Additionally, the Armed Forces should prioritise upgrading its cyber infrastructure and integrating emerging technologies like artificial intelligence, quantum computing, and blockchain to strengthen its capabilities. Addressing the skills gap by collaborating with educational institutions and the private sector to develop training programmes is essential. Competitive salaries and career development opportunities will help retain skilled personnel.
Malaysia faces significant cyber threats that challenge its national security and economic stability. The Armed Forces plays a vital role in reinforcing the nation’s cybersecurity agenda, particularly in addressing unconventional warfare threats.
By integrating advanced technologies and strengthening collaborations with civilian agencies and international partners, the Armed Forces can significantly enhance Malaysia’s cyber resilience. Policymakers should adopt a comprehensive strategy that balances offensive capabilities with cyber diplomacy, leveraging Asean as a platform for regional cooperation. This approach will help Malaysia safeguard its national interests, adhere to international norms, and contribute to regional and global cyber stability.
Colonel Azman Md Zain is a senior officer in the Malaysian Army and is currently attending the National Resilience Course at National Resilience College, PUSPAHANAS.
The views expressed here are the personal opinion of the writer’s and do not necessarily represent that of Twentytwo13.