National Security Council DG’s ‘weak govt ICT systems’ concern raises questions, opens can of worms
Had it been an investigative journalism piece uncovering weak information and communications technology (ICT) and alleged graft within Malaysian government agencies, it would have been praised as award-worthy.
However, the ‘exposé’ wasn’t the work of journalists. Instead, it was National Security Council (NSC) director-general Raja Datuk Nushirwan Zainal Abidin himself, who revealed last Friday that some 150 systems out of 740 ICT systems managed by a government agency were dormant, with unclear ownership.
During a town hall session on the National Security Index in Putrajaya on Sept 27, Raja Nushirwan added this reflected poor data management practices among government officials.
He was quoted as saying: “On a scale of 0 to 10, I’d rate government ICT systems at best a 2. In some cases, they could be a zero. This is the reality of our national security.”
Raja Nushirwan also alleged collusion between government officials and IT vendors, where systems were procured without proper scrutiny.
“So this is a shocking situation. And we all know the reason why. Because you have a division secretary who comes into that division, dia ada kawan kat luar jual (he has a friend on the outside), a vendor who sells the system ... boleh kawtim (to settle). In the end, X number of years down the road you have 740 systems,” Raja Nushirwan said.
These damning allegations came a week after Prime Minister Datuk Seri Anwar Ibrahim announced that Malaysia had approved digital investments totalling RM185.3 billion between 2021 and June 2024. The kawtim claim has also put a dent in the Madani government’s efforts in fighting graft.
Raja Nushirwan’s comments have raised many questions and may have opened a can of worms. Among them:
i. Did the NSC inform the said government agency of these observations? What about other agencies?
ii. Was Anwar informed of this? For the record, the NSC falls under the Prime Minister’s Department.
iii. Is the National Cyber Security Agency, also under the Prime Minister’s Department, aware of this?
iv. Has, or will, the NSC lodge reports with the authorities like the Malaysian Anti-Corruption Commission over the kawtim allegation?
v. How will this impact Malaysia’s digital transformation goals, especially with the Asean chairmanship next year?
Raja Nushirwan, a seasoned diplomat and former Ambassador to China, must be aware of the weight of his words. His revelation may have been borne out of frustration, but many believe such matters should have been handled internally, without risking national security.
His comments could serve as an ‘invitation’ for bad actors to exploit vulnerabilities in Malaysia’s ICT infrastructure. Cyberattacks have been on the rise globally, influenced by geopolitical tensions.
Indonesia’s Temporary National Data Centre (PDN) was hacked in June, disrupting key services. The attackers demanded US$8 million, threatening to sell data on the dark web.
Dr Surachanee Sriyai, a visiting fellow at the ISEAS - Yusof Ishak Institute, highlighted in February that Thailand's negligence in addressing public sector cybersecurity concerns, combined with a lack of accountability, can erode public trust and hinder e-service adoption.
Building trust is vital, particularly for investors, if nations want to benefit from the ongoing technological boom.
While Raja Nushirwan’s statements make for attention-grabbing headlines, they’ve also potentially exposed the country to digital threats and highlighted the corruption that’s plagued Malaysia for years.
If Putrajaya is serious about its ‘Whole of Government’ approach, it needs to start communicating better. Otherwise, such ‘own-goal’ comments could potentially harm the nation.