Malaysia legislation
Section 35
Section 35
(2)
The investigation carried out under this Part shall be for the purposes of—
(a)
ascertaining whether a cyber security incident has occurred;
or
(b)
in the case where a cyber security incident has occurred, determining the measures necessary to respond to or recover from the cyber security incident and preventing such cyber security incident from occurring in the future.
Act 854
(3)
Upon completion of the investigation by the authorized officer under this Part—
(a)
if the authorized officer finds that no cyber security incident has occurred, the authorized officer shall notify the Chief Executive about such findings and the Chief
Executive shall notify the national critical information infrastructure entity which owns or operates the national critical information infrastructure referred to in subsection (1)
accordingly and dismiss the matter; or
(b)
if the authorized officer finds that a cyber security incident has occurred, the authorized officer shall notify the Chief Executive about such findings and the
Chief Executive shall notify the national critical information infrastructure entity which owns or operates the national critical information infrastructure referred to in subsection (1) accordingly.
(4)
Upon being notified by the authorized officer under paragraph (3)(b) that a cyber security incident has occurred, the Chief Executive may issue a directive to the national critical information infrastructure entity which owns or operates the national critical information infrastructure concerned on the measures necessary to respond to or recover from the cyber security incident and to prevent such cyber security incident from occurring in the future.
(5)
Any national critical information infrastructure entity which fails to comply with the directive of the Chief Executive under subsection (4) commits an offence and shall, on conviction, be liable to a fine not exceeding two hundred thousand ringgit or to imprisonment for a term not exceeding three years or to both.