PIKOM, the National ICT Association of Malaysia, acknowledges the recent security breach affecting the PADU platform launched by the Malaysian government.
The association, in a statement on Jan 6 said, while they commend the government’s initiative in developing and deploying PADU utilising internal public sector expertise, they believe the vulnerabilities discovered highlight the need for a more comprehensive approach to cybersecurity in critical government IT infrastructure.
“We applaud the objective of PADU – streamlining public service delivery for citizens. Utilizing internal talent for such projects fosters self-reliance and knowledge retention within the public sector. However, when it comes to complex technological initiatives, particularly those involving sensitive data, striking a balance between leveraging existing resources and engaging external expertise is crucial,” the statement read.
The fundamental nature of the discovered vulnerabilities suggests that they could have been identified during the development and testing phases.
This underscores the importance of involving independent, industry-expert security personnel in comprehensive security assessments throughout the entire software development lifecycle.
Such assessments, conducted by real-world threat actors and penetration testers, would significantly bolster the platform’s resilience against cyberattacks.
Furthermore, PIKOM urges the government to consider collaborating with the private sector in upskilling public officers in niche areas like cybersecurity.
Industry attachments, where public officers spend time working within established private companies, can provide invaluable real-world experience and exposure to cutting-edge security practices.
This knowledge transfer would then enhance internal capabilities and ensure future projects are developed with robust security considerations from the outset.
PIKOM remains committed to working with the government and industry stakeholders to strengthen Malaysia’s overall cybersecurity posture. We believe that by adopting a collaborative approach, including leveraging independent expertise, promoting knowledge sharing, and fostering upskilling initiatives, we can build a more secure and robust digital infrastructure for the nation.
