End of last month, I had the opportunity to officiate at the Fifth International Cryptology and Information Security Conference here in Kota Kinabalu City that saw Sabah playing host to the international cryptology fraternity where delegates shared and learnt about the latest industrial development in cryptology.
Prior to that event, cryptology was alien to me and after getting the briefing from top officers of Cybersecurity Malaysia, an agency under MOSTI did I managed to grasp hold the concept.
Encryption is the process of encoding messages or information in such a way that only authorised parties can read it.
Without encryption, secure transfer protocols would not exist and this may result in hundreds of millions of online consumers’ financial, health, and personal information exposed to eavesdropping and theft.
Whilst cryptology is a method that enables the transmission of messages in complete secrecy and security.
But this is not something new since the technique to encode sensitive information to prevent enemy or unauthorised access dates back to as early as the ancient Greek.
By today’s standard those were fairly simply codes as encryption has since become more complex.
During World War Two, the Allied forces’ ability to break the codes of enemy encrypted messages was key to its success.
Perhaps the most important codebreaking event of the war was the successful decryption by the Allies of the German “Enigma” Chiper, which allowed important parts of German radio traffic on critical networks to be read by the Allies.
It was by no means an easy task as it took a team of brilliant engineers, mathematicians and scientists to crack the intercepted encrypted messages.
This brought my attention to the significance of cryptography in spurring the digital economy. Nations of the world are facing a common challenge — to safeguard confidential, sensitive data from savvy cyber-criminals and malicious insiders.
Cryptography: Dangers of Living without It In today’s fast developing digital economy, there are ever-present risks of theft, leaks and damage to the wealth of valuable digital data that is being transmitted or stored.
Eliminating threats is almost impossible. Digital information must therefore be protected and this is achievable only through encryption technology.
Cryptography offers confidentiality and user authentication to prevent theft or tampering of data integrity.
We are already applying cryptography for a secure internet communication using https, ATM cards and e-commerce including online banking and payment.
An emerging Digital Economy invention which is premised on cryptography is Bitcoin -the crypto-currency of the digital world.
Invented in 2008, Bitcoin is at its core a cryptographic protocol. The protocol creates unique pieces of digital property that can be transferred from one person to another. Each Bitcoin is defined by a public address and a private key, each a unique digital fingerprint.
Bitcoin exchanges however are often the target of hackers. Over the course of the years, vast sums of money have fallen into the wrong hands, most of which attributed to a lack in security.
One such example is the prominent Japan-based Bitcoin exchange company Mt. Gox which collapsed partly due to massive hacking.
Therefore, security is the critical in Bitcoin — without proper security measures in place, digital wealth could get stolen or vanish. Bitcoin Core developers enable a feature inside the Bitcoin client that lets one encrypt the wallet by protecting it with a passphrase.
The introduction of Whatsapp that provides a platform for users of smartphones regardless of its operating system to communicate with each other through an instant messaging application have resulted in millions of information being exchanged in cyber space.
As of February 2016, WhatsApp has over 1 billion users globally. In the wake of mounting threats posed by hackers and cyber criminals, WhatsApp has introduced end-to-end encryption features in its latest version of the app.
With this method, messages are scrambled as they leave the sender’s device and can only be decrypted by the recipient’s device. It renders messages unreadable if they are intercepted by criminals or even law enforcement authorities.
But even with encryption, there still remain real risks especially from malicious insiders or systems infected by malware.
These could very much disrupt businesses and even national security. In the corporate sector, stolen sensitive financial data, intellectual property and confidential customer information can lead to competitive loss, brand damage or even lawsuits from clients.
Cyber Security Malaysia’s Key Role To deal with these serious threats and challenges in the area of cryptography in Malaysia, CyberSecurity Malaysia has taken on a critical role to safeguard the country’s digital economy and digital communication.
It focuses on research and development, coordination and publicity and education and training.
The Cryptography Development Department in CyberSecurity Malaysia conducts research and development in various aspects of cryptography and related fields such as cryptographic algorithm, key management, cryptanalysis and applied cryptography including cryptography module evaluation and cryptography algorithm conformance test.
Just last month, CyberSecurity Malaysia launched a new CSM Randomness Testing Tool (CRTT) that evaluates randomness properties used for cryptography purpose.
The Strategic Policy Research produces high quality research and policy papers in information security which has been used as source of reference for various stakeholders to make well-informed decisions.
In view of the importance of cryptography in national cyber security, National Cryptography Policy or Dasar Kriptografi Negara was established under the purview of National Security Council.
National Cryptography Policy which is part of the National Cyber Security Policy (NCSP) sets out strategic approach on the use of cryptography, production of cryptography products and research and development to protect the government and its agencies.
It has seven strategic thrusts that focus on the aspect of competency and self-reliant in cryptography towards ensuring the protection of national security, citizens’ privacy and safety; and making cryptography industry as a contributor to the nation’s wealth creation.
To educate the public about cryptography and the need to protect digital information, CyberSecurity Malaysia continues to publicise the importance of encrypting digital data to all major industry sectors across the country including co-organising a number of events with public universities.
CyberSecurity Malaysia has also developed a nationwide programme with the Ministry of Education (MOE) known as CyberSAFE in Schools to inculcate cyber security and Internet safety culture among students in Malaysia.
One of its activities is the annual National ICT Security Discourse (NICTSeD), a national-level debate competitionbetween schools to encourage students to apply creative and critical thinking on Internet-related security issues.
Shortage of skilled cryptographers in Malaysia In a world of ever-present cyber-attacks, Malaysia, however seriously need more cyber security experts to help build a resilient and robust cryptography solution.
Cryptography must be home-grown and we must avoid using foreign products and technology.
The 11th Malaysia Plan emphasises the need for the country to acquire its own capabilities in cryptography to protect online information, hence reducing reliance on foreign solutions.
As such, CyberSecurity Malaysia continues to encourage more local undergraduates to consider taking up the profession of cryptology.
Cryptology is now emerging as a major academic subject involving a multidisciplinary approach that includes mathematics, statistics, engineering and computer science.
Among the training courses offered by CyberSecurity Malaysia include Data Encryption, Introduction to Cryptography, and Cryptography for Information Security Professionals.
Incidentally, cryptology became particularly popular following the publication of Dan Brown’s novel The Da Vinci Code and later released as a movie.
As education institutions including universities begin to engage in cryptology research, they will require a large number of cryptographers and cryptanalyst. Already, there is a high demand for qualified cryptologists in government agencies and the corporate sector following the wide use of Internet and e-commerce.
To seize the opportunities of digitalisation for economic growth and societal well-being, we have to reinforce end users’ trust in the Internet.
Now more than ever, the health of the Internet ecosystem depends on the proliferation of strong encryptions.
We must therefore encourage more Malaysian organisations to embrace the practice of encrypting its digital data and raise our cryptography technology to world standards to further enhance cyber security in this country.
Malaysia will then certainly emerge as a vibrant and trusted hub in the global digital economy.