Padu developed using outdated methods, says cybersecurity expert

Fong Choong Fook says Padu may be vulnerable due to outdated development methods, raising concerns about data integrity and security.

(FMT) – A cybersecurity expert has claimed that the central database hub (Padu) was developed using “outdated” methods, potentially compromising its data integrity.

Fong Choong Fook, CEO of LGMS Bhd, said modern organisations today opt for an API gateway to access distributed data, rather than relying on a duplicated centralised database.

“Take a look at the initiatives of the Singapore government. They have an API gateway in the cloud that allows the government to access distributed and stored data from different agencies,” he told FMT.

“What the Malaysian government is doing is very outdated.”

Fong said employing such an antiquated approach to developing Padu not only risks data duplication but also raises concern about the integrity and accuracy of stored data.

“For example, when someone keys in salary information that’s different from the government records obtained from (the Inland Revenue Board), which piece of data should the government use?” he asked.

He was commenting on Machang MP Wan Ahmad Fayhsal Wan Ahmad Kamal’s suggestion on Thursday that public trust in Padu could increase if the database was overseen by the digital ministry.

Economy minister Rafizi Ramli previously said that Padu saw 28 distributed denial-of-service attacks on the first and second days of its launch in January but had remained unaffected by such attacks since then.

Fong also said it was “pointless” to decide which department should oversee Padu if the design of the database itself was flawed.

“More importantly, we need to study its root cause, how secure the database is, and how secure the database foundation is,” he said.

Yesterday, Sarawak premier Abang Johari Openg said Padu should not collect excessive information unrelated to individuals’ financial status.

Abang Johari said the people of Sarawak were questioning the necessity of providing extensive personal information when registering with Padu.

Last week, Sarawak’s top state government officials in Sri Aman and Sibu were told not to register citizens’ information with Padu until further notice.

Sri Aman division resident Abang Porkan Abang Budiman gave the order in a circular addressed to district and administrative officers there.