To what extent does

Malaysia's National 4IR Policy

address AI security risks?

Dr. Jun-E Tan

Discussion during the authors' workshop of

"AI and Society: Legal, Social & Developmental Narratives from Asia", August 2021

Objective of chapter

To analyse the policy initiatives of the N4IRP against the AI Security Map built by Newman (2019), to find out the priorities and gaps of Malaysia's technology governance

malaysia's national fourth industrial revolution (4ir) policy

• Definition of 4IR: "4IR refers to the disruptive transformation of industries through the application of emerging technology. It is characterised by new technology that is fusing the physical, digital and biological worlds, impacting all disciplines, industries and the economy."
• Goals of the N4IRP:
  • Seize growth opportunities arising from 4IR
  • Create a conducive ecosystem to cope with the 4IR
  • Build trust and an inclusive digital society
• Covers five foundational technologies: AI, IoT, blockchain, cloud computing and big data analytics, advanced materials and technologies/
• Launched in July 2021, as a sister policy of the Malaysia Digital Economy Blueprint (launched in Feb 2021), to enable Malaysia's longer term developmental plans
• A note on other AI policy initiatives: National AI Roadmap (by MOSTI), National AI Framework (by MDEC)

• 4 policy thrusts, 16 strategies, 32 national initiatives, 60 sectoral strategies
• The 32 national initiatives are mapped out against the the AI Security Map

ai security map

• From Newman (2019), Toward AI Security: Global Aspirations for a More Resilient Future
• Three main types of risk mitigation:
  • the risks or opportunity costs of not implementing AI
  • the risks of unintended consequences or unsafe outcomes of AI
  • the risks of AI being used for malicious purposes

Title Text

• Bullet One
• Bullet Two
• Bullet Three

mapping ai security risk mitigation in n4irp

mapping ai security risk mitigation in n4irp

• Main priorities:
  • Economic: R&D, providing training and education, labour displacement
  • Political: government capacity, public/private cooperation
  • Social: ethics, privacy, ESCR
  • Digital/physical: Cybersecurity
• Gaps
  • Economic: widening inequalities
  • Political: mis/disinformation, checks and balances in surveillance/power
  • Social: civil and political rights, environmental impacts of tech
  • Digital/physical: unsafe AI/unintended consequences, convergences with other tech, AI for military use

• Main priorities focus on the risks of missing the AI bandwagon
• If we look at risks that are related to unsafe/malicious uses of AI, main initiatives planned are these:
  • Ethical framework for technological development, deployment and utilisation
  • Enhancing personal data protection law, regulations, and guidelines
  • Cybersecurity:
    • Introducing specific legislation for cybersecurity
    • Enhancing the existing cybersecurity framework by incorporating safeguard measures for the implementation and operationalisation of 4IR across the public sector, with a focus on IoT

mapping ai security risk mitigation in n4irp

discussion

• Other potential things to cover:
  • Timeline for implementation
  • Main assumptions of policy that resulted in these initiatives
  • Current realities
  • Limitations of analysis