LETTERS: CONCERNS about the Central Database Hub (Padu) registration should be addressed.
The worry is justified because Padu has access to data from 445 public sector institutions nationwide, including ministries, federal and state statutory bodies, and local authorities.
Various responses have been obtained following its launch, especially relating to its Application Programming Interface (API) shortcomings and loopholes in its cybersecurity.
It is said that users’ password can be changed just by using one’s identification card (IC) number. Such a flaw could be exploited through API calls by someone savvy enough.
Economy Minister Rafizi Ramli said issues regarding the registration — including bugs, other vulnerabilities and the loophole where people’s IC could be used to override and change their password — were addressed within one hour after it was highlighted by social media users.
To ensure the security of Padu, measures — such as implementing cybersecurity protocols, strict access control, a robust data backup and recovery system, better data privacy policies and procedures, regular cybersecurity and data privacy training for staff, regular security assessments, and an incident response plan — are necessary.
These measures will protect the database from cyber threats, unauthorised access, data breaches and system failures.
Other steps include relooking its network infrastructure, cybersecurity, data management, IT governance, IT talent management, IT project management, IT budgeting and its outdated network infrastructure, which cannot handle increasing demand for online services, resulting in slow Internet speeds, frequent network outages and connectivity issues.
A major concern is the possibility that someone can use another person’s IC to register for government aid programmes without having to go through the electronic know-your-customer (e-KYC) process. This must be solved.
At the speed the registration is going — about 800,000 have registered up to Jan 7 — more needs to be done.
Otherwise, the target for 29 million to register by March 31 will be difficult to achieve.
MOHD NOOR MUSA
Research analyst, Institut Masa Depan Malaysia (MASA)
Source: https://www.nst.com.my/opinion/letters/2024/01/1003409/tighten-padu-security-prevent-breaches