Group push for higher broadband standards amid new regulations
PETALING JAYA: New regulations are set to take effect on April 1 to enhance the overall quality of wireless broadband services, with telcos required to deliver a minimum download speed of 7.7mbps.
But with the regulatory body, Malaysian Communications and Multimedia Commission (MCMC), saying that the product offerings of telcos to users will not be affected, meaning that plans below 7.7Mbps will not change after April 1, consumer and other groups have countered to say that the aim should be to improve user experience.
Federation of Malaysian Consumers Associations (Fomca) vice-president and legal adviser Datuk Indrani Thuraisingham said the download speed of 7.7mbps set is not good enough as Malaysia aims to be one of the top AI hubs in the region.
“We need to compare ourselves with other neighbouring countries to ensure that we will be able to compete,” she said when contacted yesterday.
Malaysian Association of Standards Users (Standards Users) secretary-general Saral James Maniam said the existing Mandatory Standards for Quality of Service (MSQoS) aims to safeguard consumer interests and ensure optimal wireless broadband services, while the updated one focuses on further enhancing Internet service quality across the country.
“The new MSQoS mandates an average download speed of at least 7.7Mbps, compared with the existing requirement of 2.5Mbps for mobile and 25Mbps for fixed wireless access.
“The standards will ensure the providers comply to prioritise quality and potentially invest in upgrades to meet the new standards,” she said.
After conducting a comparison of Internet download speeds in Malaysia, Singapore, Thailand, Vietnam and Indonesia, she said she found that “Malaysia can do much better”.
She said Singapore currently has among the fastest mobile download speeds at 264.15Mbps while its fixed broadband download speed is at 263Mbps.
“Singapore leads with the fastest speeds in both categories. Thailand and Vietnam have moderate speeds. Malaysia must maintain a speed that is at least comparable to that of Indonesia’s and 7.7Mbps is very low,” she added.
Saral James said MCMC will monitor compliance with the new minimum standard and penalties might apply for non-compliance, highlighting the importance of adhering to the new standards.
“There is a transparency needed on how the compliance will be monitored,” she said, adding that it would be better if users also monitor their download speeds.
“The question is what is the application available for the consumer to check and report?” she asked.
Malaysia Cyber Consumer Association president Siraj Jalil said it is important for service providers to give a clear baseline on minimum download speed.
“This will be good for users; if they understand what is their right, their awareness will increase. The authorities should also from time to time measure the service providers’ services,” said the head of the body which focuses on educating users on digital technology,
Consumers Association of Penang’s (CAP) education officer NV Subbarow said it is the duty of the government to provide the best facilities to consumers.
“Consumers are paying the charges they are requesting. The service providers must ensure and strictly follow the new ruling,” he said.
Elon musk's Starlink satellite internet is now available for subscription in Malaysia #starlink
Just landed: Starlink announced its arrival in Malaysia with a photo of its electronic phased array antenna set against a backdrop of the Petronas Twin Towers in Kuala Lumpur. — @Starlink/Twitter
PETALING JAYA: Starlink’s satellite-based broadband service is now available in Malaysia, following the Prime Minister’s virtual meeting with Elon Musk on July 14.
This makes Malaysia the 60th country to be served by the Musk-owned satellite constellation.
The service, which doesn’t come with a contract, requires users to self-install the hardware and purchase the starter kit.
Customers can try out its service for 30 days and return the hardware for a full refund if they are not satisfied with it.
In an announcement on July 20, Communications and Digital Minister Fahmi Fadzil said that Malaysia issued the licence to allow Starlink to provide Internet services locally.
He added that the government is prepared to cooperate with satellite communication firms such as Starlink to achieve 100% Internet coverage in populated areas.
However, Dr Sean Seah, Malaysian Space Industry Corporation (Masic) pro tem deputy president, is concerned that Starlink’s entry could put local companies at a disadvantage.
"Furthermore, currently Malaysia has achieved more than 96% nationwide Internet connectivity coverage (Malaysia Stats Dept 2022) with services from Malaysian companies without Starlink."
"Chances must be given to local companies that have invested billions, before bringing in Starlink to compete with them," he said.
He also claimed that Malaysia may be exposed and risks being under "surveillance" or "profiling" by Starlink satellites, adding that they are also "not owned, controlled, or regulated" by Malaysian regulators and law enforcement, and Starlink has been given a "special exemption" to operate in Malaysia as a 100% foreign-owned entity.
"This may lead to national sovereignty issues," Seah said in a statement.
Starlink’s Starlink Kit comes with an electronic phased array antenna with a base suited for ground installation, a WiFi router and cables.
The standard version, which Starlink recommends for “residential users and everyday Internet applications” costs RM2,300.
The high-performance kit, which is priced at RM11,613, is recommended for “power users and enterprise applications”.
Starlink claimed that the high-performance kit offers improved weather resistance, three times better speeds at temperatures above 35°C and better visibility, especially in areas with unavoidable obstructions.
Starlink’s Internet plan offers up to 100Mbps (megabits per second) download speed and costs RM220 monthly.
Customers will also have to pay an additional RM100 for shipping and handling fees, with delivery times expected to be between one and two weeks.
Datuk Seri Anwar Ibrahim held a discussion with Musk on July 14, welcoming the company’s decision to invest in Malaysia, which includes launching Tesla EVs and Starlink.
In an online report, Anwar said that he has ordered 40 Starlink sets for schools, colleges and universities.
Minimising the chances of attacks Cyber threats are evolving and escalating at an alarming rate for asset-intensive industries such as the energy sector.
ARE organisations only concerned with undertaking the right measures to mitigate cyber risk after they have been cyberattacked?
This may be the case in most situations but the more important question to ask is – what are the cybersecurity controls that should be considered by organisations?
The answer is straightforward – the controls that have the biggest impact on reducing the likelihood or the impact of a successful cyberattack.
Cyber risk is generally defined as the threat to the system, the system’s vulnerability and the resulting consequences.
Therefore, to successfully protect information technology (IT) and operational technology (OT) systems, companies must understand the tactics, techniques and procedures (TTPS), which threat actors use to achieve their desired objective.
Here are several examples of well documented cyberattacks on critical national infrastructure over the past two decades:
In 2010, arguably, the most sophisticated cyberattack was executed on an Iranian uranium enrichment facility that exposed the weakness of cybersecurity controls and vulnerability of OT environments.
The STUXNET worm was designed specifically to target these environments which allowed the threat actor to exploit and disrupt production operations causing downtime and business impact.
STUXNET was the eureka moment for the energy and manufacturing industries that OT environments can be breached and what impact it can have on their business, human lives, environment and economies.
Unfortunately, it was also an eureka moment for threat actors too. OT cyberattacks surged rapidly and suddenly the attack techniques from threat actors, in terms of creativity and smartness of achieving their malicious objectives, evolved since then.
In 2015, Ukraine was hit by another massive cyberattack that shut off power at 30 substations and left millions of people without electricity for up to six hours. SCADA equipment was rendered inoperable and power restoration had to be completed manually, which further delayed restoration efforts.
So how was this achieved – must have been very sophisticated? Actually, not.
Spear phishing was used to introduce the Blackenergy malware that exploited the macros in excel-based documents on computer systems at the plants. Meaning that the threat actors did nothing different than using known TTPS for cyberattacks on IT environments.
The same exploitation tools were used to find user credentials to escalate their privileges to move laterally in the network or to send malicious commands to disrupt plant operations.
The 2015 cyberattack seemed like an experiment as barely a year later the Ukraine Power Grid was attacked again and this time the capital city Kiev went dark, breakers tripped in a large number of substations.
However, this time the threat actors also jammed the utility’s call centres to prevent customers from reporting the outage by launching Telephone Denial of Service (TDOS) attack.
The approach was more sophisticated as the threat actors directly manipulated the SCADA systems using CRASHOVERRIDE – the first known malware specifically designed to target the power grids directly around the globe with the ability to wipe or delete files, disable processes like malware protection and even the software from OT vendors.
This was another eureka moment – national power grids are not safe from threat actors either.
One of the most concerning cyberattacks was in 2017 where the TRITON malware targeted the specific safety critical Programable Logic Controller’s (PLCS) in the Middle East. The function of these PLCS is to protect plants and people from disasters caused by mechanical failure.
In 2018, advanced persistent threat attacks on industrial environments continued to rise, and industrial espionage increased.
After 2019, there was a drastic increase in ransomware activities in OT environments including the manufacturing, water treatment and pipeline industries.
Recently, Cybersecurity and Infrastructure Security Agency launched the Cross-sector Cybersecurity Performance Goals as a prioritised subset of IT and OT cybersecurity practices, aimed at meaningfully reducing risks to critical national infrastructures and the community it supports.
These cybersecurity controls are not meant to be the only considerations for organisations. The purpose is to form the foundation to protect IT and OT infrastructures against cyberattacks as part of the defence-in-depth cybersecurity strategy.
These are some of the logical first steps to consider:
User account security
User accounts are generally one of the first gateways for threat actors to gain access to the network to establish a foothold and move laterally. On the surface, this may seem simple but maintaining user account security hygiene has been a long-standing challenge for many organisations.
Here are the suggested foundational controls that should be considered:
> enable the detection of unsuccessful user login attempts
> change all default passwords and implement multi-factor authentication
> update the minimum password strength > separate user and privilege accounts > enforce unique user credentials (not just email addresses as commonly used)
> revoke the credentials of departing employees.
Device security
Device security are measures taken to secure computing devices (hardware and software) from cyber threats but also to maintain service continuity.
Here are the suggested foundational controls that should be considered:
> approval process for new hardware and software deployment
> the disablement of macros by default > maintaining an up-to-date asset inventory
> prohibiting the connection of unauthorised devices
> documenting device configurations.
Data security
The purpose is to protect sensitive and confidential data from unauthorised access, theft, loss and destruction.
Here are the suggested foundational controls that should be considered:
> strong and agile encryption
> enable log collection
> secure storage of the said logs.
Governance and training
A strong governance structure is a key success factor for any cybersecurity strategy and operations to manage cyber risks effectively and to ensure adequate protection of data and systems.
Here are the suggested foundational controls that should be considered:
> appointment and empowerment of a single leader to be accountable for cybersecurity
> a single leader to be responsible for Ot-specific cybersecurity
> basic cybersecurity training for all employees and third parties
> OT specific cybersecurity training for OT managers and operators
> establish an effective relationship between IT and OT cybersecurity to improve the response effectiveness for OT cyber incidents.
Vulnerability management
To reduce the likelihood of threat actors exploiting known vulnerabilities in IT and OT systems, the following foundational controls should be considered:
> mitigate known vulnerabilities
> gather vulnerability intelligence by security researchers and enable the researchers to submit discovered weaknesses or vulnerabilities faster
> blacklisting of exploitable services on the Internet
> limit OT connections to public Internet > conduct third-party validation of control effectiveness.
Supply chain/third party
To ensure the integrity and reliability of supplier products and services the following foundational controls should be considered:
> establish supplier cybersecurity requirements
> immediate disclosure of known cybersecurity incidents and vulnerabilities to enable rapid response.
Detection, response and recovery
Here are the suggested foundational controls that should be considered:
> capability to detect relevant threats and TTPS
> a comprehensive response and recovery plan (including appropriate back-ups) in place helps organisations be prepared for the inevitable security incidents that will occur and ensures that they have the processes and resources in place to minimise the impact and recover effectively.
Network segmentation
Network segmentation reduces the likelihood of threat actors accessing the OT network after compromising the IT network and vice versa.
Here are the suggested foundational controls that should be considered:
> segment IT and OT networks
> segment safety critical systems form other systems
> segmentation of temporarily connected devices
> segmentation of wireless communications
> segmentation of devices connected via untrusted networks/internet.
Email security
By implementing effective email security measures, organisations can reduce the risks from common email-based threats and ensure the confidentiality and integrity of email communications.
Here are the suggested foundational controls that should be considered:
> Email encryption
> Email account authentication
> and email filtering.
In conclusion, cyber threats are evolving and escalating at an alarming rate for asset-intensive industries such as the energy sector.
Strengthening the cybersecurity foundations are imperative to build a defence-indepth model that would reduce the chances of cyberattacks and safeguard IT and OT environments.
By JACO BENADIE Jaco Benadie is partner, Ernst & Young Consulting Sdn Bhd. The views expressed here are the writer’s
own.
Chinese cybersecurity experts have exposed a hacker group, with its core members coming from Europe and North America, which has been launching sustained cyberattacks against China as its primary target, posing a serious threat to the country's cybersecurity and data
security, the Global Times learned from a Beijing-based cybersecurity lab on Sunday.
ChatGPT may have blown away many who have asked questions of it, but scientists are far less enthusiastic. Lacking data privacy, wrong information and an apparent built-in racism are just a few of the concerns some experts have with the latest 'breakthrough' in AI. — Photo: Frank Rumpenhorst/dpa
BERLIN: ChatGPT may have blown away many who have asked questions of it, but scientists are far less enthusiastic. Lacking data privacy, wrong information and an apparent built-in racism are just a few of the concerns some experts have with the latest 'breakthrough' in AI.
With great precision, it can create speeches and tell stories – and in just a matter of seconds. The AI software ChatGPT introduced late last year by the US company OpenAI is arguably today's number-one worldwide IT topic.
But the language bot, into which untold masses of data have been fed, is not only an object of amazement, but also some scepticism.
Scientists and AI experts have been taking a close look at ChatGPT, and have begun issuing warnings about major issues – data protection, data security flaws, hate speech, fake news.
"At the moment, there's all this hype," commented Ruth Stock-Homburg, founder of Germany's Leap in Time Lab research centre and a Darmstadt Technical University business administration professor. "I have the feeling that this system is scarcely being looked at critically."
"You can manipulate this system"
ChatGPT has a very broad range of applications. In a kind of chat field a user can, among others, ask it questions and receive answers. Task assignments are also possible – for example on the basis of some fundamental information ChatGPT can write a letter or even an essay.
In a project conducted together with the Darmstadt Technical University, the Leap in Time Lab spent seven weeks sending thousands of queries to the system to ferret out any possible weak points. "You can manipulate this system," Stock-Homburg says.
In a recent presentation, doctoral candidate and AI language expert Sven Schultze highlighted the weak points of the text bot. Alongside a penchant for racist expressions, it has an approach to sourcing information that is either erroneous or non-existent, Schultze says. A question posed about climate change produced a link to an internet page about diabetes.
"As a general rule the case is that the sources and/or the scientific studies do not even exist," he said. The software is based on data from the year 2021. Accordingly, it identifies world leaders from then and does not know about the war in Ukraine.
"It can then also happen that it simply lies or, for very specialised topics, invents information," Schultze said.
Sources are not simple to trace
He noted for example that with direct questions containing criminal content there do exist security instructions and mechanisms. "But with a few tricks you can circumvent the AI and security instructions," Schultze said.
With another approach, you can get the software to show how to generate fraudulent emails. It will also immediately explain three ways that scammers use the so-called "grandchild trick" on older people.
ChatGPT also can provide a how-to for breaking into a home, with the helpful advice that if you bump into the owner you can use weapons or physical force on them.
Ute Schmid, Chair of Cognitive Systems at the Otto Friedrich University in Bamberg, says that above all the challenge is that we can't find out how the AI reaches its conclusions. "A deeper problem with the GPT3 model lies in the fact that it is not possible to trace when and how which sources made their way into the respective statements," she said.
Despite such grave shortcomings, Schmidt still argues that the focus should not just concern the mistakes or possible misuse of the new system, the latter prospect being students having their homework or research papers written by the software. "Rather, I think that we should ask ourselves, what chances are presented us with such AI systems?"
Researchers in general advocate how AI can expand – possibly even promote – our competencies, and not limit them. "This means that in the area of education I must also ask myself – as perhaps was the case 30 years ago with pocket calculators – how can I shape education with AI systems like ChatGPT?"
Data privacy concerns
All the same, concerns remain about data security and protecting data. "What can be said is that ChatGPT takes in a variety of data from the user, stores and processes it and then at a given time trains this model accordingly," says Christian Holthaus, a certified data protection expert in Frankfurt. The problem is that all the servers are located in the United States.
"This is the actual problem – if you do not succeed in establishing this technology in Europe, or to have your own," Holthaus said. In the foreseeable future there will be no data protection-compliant solution. Adds Stock-Homburg about European Union data protection regulations: "This system here is regarded as rather critical."
ChatGPT was developed by OpenAI, one of the leading AI firms in the US. Software giant Microsoft invested US$1bil (RM4.25bil) in the company back in 2019 and recently announced plans to pump further billions into it. The concern aims to make ChatGPT available to users of its own cloud service Azure and the Microsoft Office package.
"Still an immature system"
Stock-Homburg says that at the moment ChatGPT is more for private users to toy around with – and by no means something for the business sector or security-relevant areas. "We have no idea how we should be deal with this as yet still immature system," she said.
Oliver Brock, Professor of Robotics and Biology Laboratory at the Technical University Berlin, sees no "breakthrough" yet in AI research. Firstly, development of AI does not go by leaps and bounds, but is a continuing process. Secondly, the project only represents a small part of AI research.
But ChatGPT might be regarded as a breakthrough in another area – the interface between humans and the internet. "The way in which, with a great deal of computing effort, these huge amounts of data from the internet are made accessible to a broad public intuitively and in natural language can be called a breakthrough," says Brock. – dpa
China releases white paper on jointly building a cyberspace community
China's State Council Information Office issued a white paper titled "Jointly Build a Community with a Shared Future in Cyberspace," which is fundamentally different from the US' earlier release "Declaration for the Future of the Internet," as China advocates that cyberspace is the common home of humankind instead of creating division and confrontation by ideology.
The Office released the white paper during a news conference on Monday morning in Beijing, which introduces the achievements of China's Internet development and governance practices over the past decade and puts forward the Chinese proposition of building a community with a shared future in cyberspace.
As problems of unbalanced development, unsound rules and unreasonable order in the cyberspace are becoming increasingly prominent and cyber hegemony poses a new threat to world peace and development, effective solutions and joint efforts are needed to address the problems, officials said.
China's white paper is fundamentally different from the US and its partners' joint release "Declaration for the Future of the Internet," said Qi Xiaoxia, director general of the Bureau of International Cooperation of the Cyberspace Administration during Monday's news conference.
The "Declaration for the Future of the Internet" attempts to impose its own standards on others, draw ideological lines in the cyberspace, draw "small circles," create division and confrontation and violate international rules, Qi said. These actions have seriously undermined the unity of the internet family and affected the stable development of the global internet.
In the US' vision, it has abandoned multilateral platforms such as the UN and is keen to form various exclusive cliques instead, in an attempt to draw ideological lines and undermine the global rules of Internet governance by touting its unilaterally-defined principles, trying to create an exclusive bloc in the name of democracy, Chinese Foreign Ministry spokesperson Zhao Lijian said in May.
Instead, China advocates openness, cooperation, tolerance and mutual understanding, he said.
"We believe that cyberspace is the common home of humankind, and that the future of cyberspace should be in the hands of all countries in the world, not by a single country or a few countries."
China advocates that the UN play the role of the main channel in the international governance of cyberspace, and that the international community adhere to the principles of common consultation, construction and sharing, strengthen cooperation and jointly develop international rules for cyberspace, Qi said.
China is willing to deepen cooperation with countries around the world, promote the reform and construction of the global internet governance system, she said.
However, contrary to China's vision of mutual benefit, there are many restrictions on the development of Chinese companies in some countries while they are actively exploring the international market.
"Chinese enterprises have carried out international research and development cooperation, and provided a large number of safe, reliable, high-quality and inexpensive products and services to the world, which are widely welcomed," Qi said.
"Chinese enterprises have actively fulfilled their corporate social responsibility and provided a large number of employment opportunities for the countries and regions where they operate."
Qi pointed out that the reason is clear for the development restrictions of some Chinese enterprises including Huawei in overseas market.
"On the pretext of 'national security,' certain countries have abused export control measures to maliciously block and suppress Chinese enterprises, which undermines the legitimate rights and interests of Chinese enterprises and causes serious disruptions to the stability of the global industrial supply chain," she said.
The Chinese government opposes politicization of technical issues and abuse of state power to suppress and curb other countries' enterprises by any means in violation of market economy principles and international economic and trade rules, said the white paper.
Besides, Qi denied that China's cybersecurity build-up would affect foreign companies' operations in China.
"Such worries are totally unnecessary," Qi said, responding to a question raised by a foreign reporter. "What is foreseeable is that China's open door will only get wider."
Data show that the number of foreign-funded enterprises in China has exceeded 1 million, which shows that foreign enterprises are very confident in China's business environment. The Chinese government has always been committed to creating a market-oriented, rule-of-law business environment, encouraging more enterprises to operate and develop in accordance with the law, and treating both Chinese and foreign enterprises equally, Qi said.
China
will open the annual World Internet Conference (WIC) on Wednesday in
the historic town of Wuzhen, as it seeks to promote its vision of
internet governance at a time when Big Tech firms continue to reel from
months of increased regulatory scrutiny and economic headwinds.23 hours ago
Scammers keep getting bolder and bolder with their extortion methods. From impersonating landlords to illegal debt collection tactics, there is no shortage of ways scammers will try to separate you from your money. Be aware of these five red flags when getting on the phone, checking your email, or using social media. This can help you avoid getting trapped in a conversation with a scammer in the first place.
Whether it’s through email, text, phone calls or direct messages, scams seem to be everywhere on the internet. Not all scams are obvious and
many specifically target small business owners. Learn how to recognize a scam, protect your business and know what to do if you become a victim
of a scam.
Being forearmed with knowledge is key to not falling prey to well-trained scammers
Arm yourself with knowledge to identify a swindler
RIGHT before my eyes, I witnessed my friend falling for a classic Macau scam over the phone.
The call from a “government official” had him hooked. Frantically, I gestured to my friend to end the call but he was like a man possessed.
Someone on the other end of the line, claiming to be a government official, informed my worried friend that he had been implicated in a crime of sorts and the only way to escape the consequences was to transfer his money into a “safe account”.
After 45 minutes on the phone, he sent RM5,000 to one such bank account, and this happened on his pay day!
Recalling the incident, my friend said the caller was so convincing and believable that it was hard to cut the line.
This incident came to mind when the long arm of the law finally caught up with Tedy Teow, the founder of MBI (Mobility Beyond Imagination) well-known for its superlative money-making scheme.
He was detained in Thailand about a week ago and is believed to be wanted for questioning over several money-laundering cases in a few countries.
From what I could tell, the news failed to generate much interest on the ground, especially in Penang where the scheme used to have a large number of followers.
It could be that many of his victims were resigned to the fact that their money was as good as gone, even though Teow got arrested.
I have many acquaintances who put money into MBI. A few earned some returns. Most did not.
Now, it is “successful” Macau scams that are dominating the chatter in coffeeshops, offices, watering holes and messaging groups.
Indeed, teachers, engineers, doctors and even a politician were among the prized scalps of these so-called officers from banks or government and law enforcement agencies.
In May, a businessman from Port Dickson with a net worth of over Rm100mil lost a record Rm21mil in one such scam after he allegedly revealed his bank Transaction Authorisation Code (TAC) numbers to a “bank official”.
A sizeable number of scam victims were retirees who lost their hard-earned savings.
As pointed out in one news report, these scammers actually go through a month-long boot camp conducted by professional trainers before they are sent out for con jobs.
Psychology, negotiation skills, the art of persuasion, they learn it all.
They go through gauntlets of role-playing, with one being the “victim” and the other the scam caller, all under the watchful eyes of the trainers.
It has become challenging these days for lawmen to outfox the syndicates which have members even sitting for exams before being certified competent enough to man scam call centres.
And now we hear of increasing cases of dubious bank transfers: money being unknowingly transferred out of savings and fixed deposit accounts after victims were said to have downloaded phone apps.
Protect yourself by not downloading apps from dubious sites!
Then there are the online lovers to whom the lonely give their money even though they have never met face to face.
For those not in the know, this actually happens gradually.
First, the amounts asked for are small. These are quickly returned with a small but appreciable profit. Only after trust is established will the scammer ask for the big amounts.
The situation has never been more urgent as there are still victims who fall prey to such tactics almost on a daily basis.
If you get a call from a scammer, stay calm and rightfully hesitate when asked to reveal your personal banking and user login details.
In the course of a true fraud investigation, government and law enforcement agencies will not transfer calls among themselves. Bank Negara will not transfer your calls to Bukit Aman and vice versa, and never call back the number that was given.
Remember, the police will never threaten to arrest you over the phone; they prefer to do it face to face.
And if it’s a pre-recorded message, just hang up.
Most importantly, if you are a law-abiding citizen who has done nothing wrong, there is indeed nothing to fear.
