Section 24

The Chief Executive shall, before carrying out any cyber security exercise under subsection (1), issue a notice in writing to the national critical information infrastructure entity concerned notifying his intention to carry out such cyber security exercise in respect of the national critical information infrastructure entity.

The Chief Executive may give any directions to the national critical information infrastructure entity as the Chief Executive thinks fit for the purpose of the cyber security exercise carried out under this section.

Any national critical information infrastructure entity which fails to comply with the directions of the Chief Executive under subsection (3) commits an offence and shall, on conviction, be liable to a fine not exceeding one hundred thousand ringgit.