/akn/my/act/pua/2024/220

PERATURAN-PERATURAN KESELAMATAN SIBER (PEMBERITAHUAN INSIDEN KESELAMATAN SIBER) 2024

The full official text, structured for quick navigation. Copy any provision or jump straight to a section.

Open source PDF
Type
P.U. (A)
Status
In force
Enacted
2024
Sections
3

Quick answer

About this p.u. (a)

PERATURAN-PERATURAN KESELAMATAN SIBER (PEMBERITAHUAN INSIDEN KESELAMATAN SIBER) 2024 is Malaysia P.U. (A), cited as P.U. (A) 220 2024, currently marked in force and first recorded in 2024.

Opening note

Preamble

Suggest a correction
  1. PADA menjalankan kuasa yang diberikan oleh seksyen 63 Akta Keselamatan Siber 2024 [Akta 854], Menteri membuat peraturan-peraturan yang berikut: Nama dan permulaan kuat kuasa

Seksyen 1

Open as pageSuggest a correction

(1)

Peraturan-peraturan ini bolehlah dinamakan Peraturan-Peraturan

Keselamatan Siber (Pemberitahuan Insiden Keselamatan Siber) 2024.

Suggest a correction

(2)

Peraturan-Peraturan ini mula berkuat kuasa pada 26 Ogos 2024.

Tempoh pemberitahuan dan butiran maklumat

Suggest a correction

Seksyen 2

Open as pageSuggest a correction

(1)

Orang yang diberi kuasa bagi entiti infrastruktur maklumat kritikal negara hendaklah memberitahu dengan segera, melalui cara elektronik, mengenai suatu insiden keselamatan siber yang telah atau mungkin telah berlaku sebagaimana yang diperuntukkan di bawah seksyen 23 Akta apabila insiden keselamatan siber itu diketahui oleh entiti infrastruktur maklumat kritikal negara.

Suggest a correction

(2)

Dalam masa enam jam daripada insiden keselamatan siber itu diketahui oleh entiti infrastruktur maklumat kritikal negara, orang yang diberi kuasa hendaklah mengemukakan butiran maklumat seperti yang berikut:

(b)

butiran entiti infrastruktur maklumat kritikal negara yang terlibat, sektor infrastruktur maklumat kritikal negara dan ketua sektor infrastruktur maklumat kritikal negara yang berkaitan dengannya; dan

P.U. (A) 220 3

Suggest a correction

(c)

maklumat mengenai insiden keselamatan siber termasuk—

Suggest a correction

(i)

jenis dan perihal insiden keselamatan siber;

(iii)

tarikh dan masa insiden kejadian keselamatan siber disedari; dan

Suggest a correction
Suggest a correction
Suggest a correction

(3)

Dalam masa empat belas hari selepas pemberitahuan yang disebut dalam subperaturan (1), orang yang diberi kuasa hendaklah mengemukakan setakat yang boleh maklumat tambahan seperti yang berikut:

(a)

butiran infrastruktur maklumat kritikal negara yang tejejas oleh insiden keselamatan siber itu;

Suggest a correction

(b)

bilangan hos yang dijangka terjejas dengan insiden keselamatan siber itu;

Suggest a correction

(d)

artifak yang berkenaan dengan insiden keselamatan siber;

Suggest a correction

(e)

maklumat mengenai apa-apa insiden yang berhubungan dengan, dan cara insiden itu yang berkaitan dengan, insiden keselamatan siber itu;

Suggest a correction

(f)

butiran taktik, teknik dan tatacara insiden keselamatan siber itu;

P.U. (A) 220 4

Suggest a correction

(g)

kesan insiden keselamatan siber terhadap infrastruktur maklumat kritikal negara atau mana-mana komputer atau sistem komputer yang saling bersambung; dan

Suggest a correction
Suggest a correction

(4)

Orang yang diberi kuasa oleh entiti infrastruktur maklumat kritikal negara hendaklah menyediakan, dari semasa ke semasa, kemas kini lanjut mengenai insiden keselamatan siber sebagaimana yang dikehendaki oleh Ketua Eksekutif.

Cara pengemukaan maklumat

Suggest a correction

Seksyen 3

Open as pageSuggest a correction

Pengemukaan maklumat di bawah subperaturan 2(2) dan (3) hendaklah dibuat melalui Sistem Pusat Penyelarasan dan Kawalan Siber Negara atau sekiranya berlaku gangguan pada Sistem Pusat Penyelarasan dan Kawalan Siber Negara, dengan komunikasi sebagaimana yang ditentukan oleh Ketua Eksekutif.

Dibuat 19 Ogos 2024

[MKN(S).10.600-9/2/4 Jld.9(5); PN(PU2)768]

DATO’ SERI ANWAR BIN IBRAHIM

Perdana Menteri

P.U. (A) 220 5

CYBER SECURITY ACT 2024

CYBER SECURITY (NOTIFICATION OF CYBER SECURITY INCIDENT)

REGULATIONS 2024

Opening note

Preamble

Suggest a correction
  1. IN exercise of the powers conferred by section 63 of the Cyber Security Act 2024 [Act 854], the Minister makes the following regulations: Citation and commencement 1.

(1)

These regulations may be cited as the Cyber Security (Notification of

Cyber Security Incident) Regulations 2024.

Suggest a correction

(2)

These Regulations come into operation on 26 August 2024.

Period of notification and particulars of information 2.

Suggest a correction

(1)

An authorized person of a national critical information infrastructure entity shall immediately, by electronic means, give a notification of a cyber security incident that has or might have occurred as provided under section 23 of the Act when the cyber security incident comes to the knowledge of the national critical information infrastructure entity.

Suggest a correction

(2)

Within six hours from the time the cyber security incident comes to the knowledge of the national critical information infrastructure entity, the authorized person shall submit the following particulars of information:

(b)

the particulars of the national critical information infrastructure entity concerned, the national critical information infrastructure sector and national critical information infrastructure sector lead to which it relates; and

P.U. (A) 220 6

Suggest a correction

(c)

the information on the cyber security incident including—

Suggest a correction

(i)

the type and description of the cyber security incident;

(iii)

the date and time of the occurence of the cyber security incident is known; and

Suggest a correction

(iv)

the method of discovery of the cyber security incident.

Suggest a correction
Suggest a correction
Suggest a correction

(3)

Within fourteen days after the notification referred to in subregulation (1), the authorized person shall provide to the fullest extent practicable the following supplementary information:

(a)

the particulars of the national critical information infrastructure affected by the cyber security incident;

Suggest a correction

(b)

the estimated number of host affected by the cyber security incident;

Suggest a correction

(c)

the particulars of the cyber security threat actor;

Suggest a correction

(d)

the artifacts related to the cyber security incident;

Suggest a correction

(e)

the information on any incident relating to, and the manner in which such incident relates to, the cyber security incident;

Suggest a correction

(f)

the particulars of the tactics, techniques and procedures of the cyber security incident;

P.U. (A) 220 7

Suggest a correction

(g)

the impact of the cyber security incident on the national critical information infrastructure or any computer or interconnected computer system; and

Suggest a correction
Suggest a correction

(4)

The authorized person of the national critical information infrastructure entity shall provide, from time to time, further updates on the cyber security incident as the Chief Executive may require.

Manner of submission of information 3.

The submission of information under subregulations 2(2) and (3) shall be made through the National Cyber Coordination and Command Centre System or in the event of disruption in the National Cyber Coordination and Command Centre System, by the communication as may be determined by the Chief Executive.

Made 19 August 2024

[MKN(S).10.600-9/2/4 Jld.9(5); PN(PU2)768]

DATO’ SERI ANWAR BIN IBRAHIM

Prime Minister

Suggest a correction

Common questions

What is PERATURAN-PERATURAN KESELAMATAN SIBER (PEMBERITAHUAN INSIDEN KESELAMATAN SIBER) 2024?
PERATURAN-PERATURAN KESELAMATAN SIBER (PEMBERITAHUAN INSIDEN KESELAMATAN SIBER) 2024 is Malaysia P.U. (A), cited as P.U. (A) 220 2024, currently marked in force and first recorded in 2024.
Is PERATURAN-PERATURAN KESELAMATAN SIBER (PEMBERITAHUAN INSIDEN KESELAMATAN SIBER) 2024 still in force?
Yes — PERATURAN-PERATURAN KESELAMATAN SIBER (PEMBERITAHUAN INSIDEN KESELAMATAN SIBER) 2024 is currently in force.
When did PERATURAN-PERATURAN KESELAMATAN SIBER (PEMBERITAHUAN INSIDEN KESELAMATAN SIBER) 2024 take effect?
PERATURAN-PERATURAN KESELAMATAN SIBER (PEMBERITAHUAN INSIDEN KESELAMATAN SIBER) 2024 was first recorded in 2024.
How many sections does PERATURAN-PERATURAN KESELAMATAN SIBER (PEMBERITAHUAN INSIDEN KESELAMATAN SIBER) 2024 have?
PERATURAN-PERATURAN KESELAMATAN SIBER (PEMBERITAHUAN INSIDEN KESELAMATAN SIBER) 2024 contains 3 sections.
Where can I read the official version of PERATURAN-PERATURAN KESELAMATAN SIBER (PEMBERITAHUAN INSIDEN KESELAMATAN SIBER) 2024?
The official text of PERATURAN-PERATURAN KESELAMATAN SIBER (PEMBERITAHUAN INSIDEN KESELAMATAN SIBER) 2024 is published at lom.agc.gov.my.