The hot topic on security circling around the national database collection programme of PADU has gotten PIKOM, the National ICT Association of Malaysia to weigh it, the association said the vulnerability aspects of the application should not be brushed aside.
The association said it acknowledges the recent security breach affecting the PADU platform launched by the Malaysian government. While commending on the government’s initiative in developing and deploying PADU utilising internal public sector expertise, it said the vulnerabilities discovered highlight the need for a more comprehensive approach to cybersecurity in critical government IT infrastructure.
Adding that when it comes to complex technological initiatives, particularly those involving sensitive data, striking a balance between leveraging existing resources and engaging external expertise is crucial.
The fundamental nature of the discovered vulnerabilities suggests that they could have been identified during the development and testing phases. This underscores the importance of involving independent, industry-expert security personnel in comprehensive security assessments throughout the entire software development lifecycle. Such assessments, conducted by real-world threat actors and penetration testers, would significantly bolster the platform’s resilience against cyberattacks.
Furthermore, it has urged the government to consider collaborating with the private sector in upskilling public officers in niche areas like cybersecurity. Industry attachments, where public officers spend time working within established private companies, can provide invaluable real-world experience and exposure to cutting-edge security practices. This knowledge transfer would then enhance internal capabilities and ensure future projects are developed with robust security considerations from the outset.
Recently Lawyers for liberty has been vocal on the data security aspect of the system calling for a suspension of PADU until the Personal Data Protection Act is amended.
