Ahmad Ibrahim Kulliyyah of Laws International Islamic University Selangor, Malaysia imadieha@iium.edu.my Ahmad Ibrahim Kulliyyah of Laws International Islamic University Selangor, Malaysia sonny@iium.edu.my Kulliyyah of Engineering International Islamic University Selangor, Malaysia sigit@iium.edu.my Keywords-data breach; critical information infrastructure; law and regulation; Malaysia I. ENTER THE NEW WORLD OF SPIDER WEB “Wikileaks”, an international non-profit organization that runs the online whistle-blower services at the now-defunct website <www.wikileaks.org>, is hailed by the Time magazine as „the whistle-blower of the digital age‟. Its Australian founder, Mr. Julian Assange, was made a candidate for the Time‟s Person of the Year 2010 award. This prominence was credited to their activities, most notably in the second half of 2010, in disseminating on the Internet hundreds of thousands of secret or confidential documents involving various governments and giant corporations [1]. Among the critical data leaked was the disclosure of a long list of commercial and other installations deemed critical to America‟s national security. Included in the list are the landing points of undersea cables and the names of firms making vital vaccines. There was also disclosure about NATO‟s new plans for defending Poland and the Baltic states, which includes disclosure of the code name related to the plans. As it is earlier mentioned, the 250,000 data leaked by the Wikileaks had implicated many countries including Malaysia. 1 Despite leaking top-classified information such as military and diplomatic communication data, there seems to be uncertainty as to whether or not Wikileaks will finally face any legal actions. It was reported by The New York Times, on 7 th December 2010 that the US Justice Department was exploring possible charges against WikiLeaks and Assange on the release of diplomatic messages under the Espionage Act 1917 or even on conspiracy or trafficking in stolen property. Meanwhile, Julian Assange had contested in the UK court against his extradition to Sweden over alleged sexual offences, as reported by The Guardian on 13 th July 2011. Needless to say, Assange and his Wikileaks has gained huge support from all over the world. The incident demonstrates some causes of concern: firstly, a highly critical infrastructure such as that houses the military system and diplomatic cables, despite its sensitivity, are not spared from security breach or intrusion. Secondly, such leak can in turn cause far-reaching damage to public interests, national security and economic interests. Last but not least, the problems cannot be surmounted easily; the hands of law seem incapable of resolving the problem. It does not help that incidence of ordinary data breach is so common that there does not seem to be full proof method to totally eliminate it. II. CAUSES AND TRENDS OF DATA BREACH Statistics tell us that in the cyber environment, data breaches are everyday phenomena. In a study conducted by Symantec and the Ponemon Institute in their 2011 Cost of a Data Breach Reports, it is found that around half of the causes of data breach can be categorised into system glitch, negligence and malicious attack. Though negligence counts slightly more than malicious attacks, the costs caused by the latter is the highest of all. The reports also revealed that such malicious attacks involve the use of malicious software (viruses, 1 See, for examples, “WikiLeaks: Malaysia didn‟t inform US of missing jet engines,” The Malaysian Insider, 15 th February 2011; “WikiLeaks: Malaysia loses game of "chicken' with Singapore over bridge,” The Malaysia Today, 6 th July 2011; “Anifah summons Singapore envoy over Wikileaks content,” The Star, 15 th December 2011. Data Leak, Critical Information Infrastructure and the Legal Options: What does Wikileaks teach us? Ida Madieha Abdul Ghani Azmi Sonny Zulhuda Sigit Puspito Wigati Jarot Abstract —The massive data leaks by Wikileaks suggest how fragile a national security is from the perspective of information system and network sustainability. What Wikileaks have done and achieved raises some causes of concern. How do we view such leaks? Are they an act of whistle-blowing or disclosure of government misconduct in the interest of the public? Are they the champion of free press? Or are they a form of data breach or information security attack? What if it involves the critical information infrastructure (CII)? Could they be classified as ‘cyber-terrorist’? The objective this paper is to outline the problems and challenges that Malaysia should anticipate and address in maintaining its national CII. The paper first looks at Wikileaks as it is the ‘icon’ of data leaks. Then it examines the causes of data breach before proceeding to foray into the concept of ‘critical information infrastructure’ in the US and Malaysia. Finally, the paper explores legal options that Malaysia can adopt in preparing herself to possible data breaches onslaught. It is the contention of the paper that the existing traditional legal framework should be reformed in line with the advances of the information and communications technologies, especially in light of the onslaught of data leaks by the new media typically represented by Wikileaks. 226 International Journal of Cyber-Security and Digital Forensics (IJCSDF) 1(3): 226-231 The Society of Digital Information and Wireless Communications (SDIWC) 2012 (ISSN: 2305-0012)