National Cyber Security Agency (NACSA) & Securemetric Berhad
Situation
As the national lead agency for cybersecurity, NACSA is dedicated to securing and enhancing Malaysia’s resilience against cyber threats by coordinating and leveraging the nation’s top experts and resources in the field. Their mission is to establish a stable, secure, and resilient cyber environment that meets the economic and social needs of Malaysia.
As part of their commitment, NACSA is also dedicated to protecting National Critical Information Infrastructures (NCII). These are defined as computers or systems whose disruption or destruction would have a severe impact on the delivery of essential services critical to Malaysia’s security, defence, foreign relations, economy, public health, public safety, or public order. The definition also covers infrastructures whose compromise would hinder the ability of the Federal or State Governments to effectively perform their functions.
Solution
As part of their commitment to protecting NCII, NACSA enlisted Securemetric Berhad for their expertise in digital security solutions to help mitigate the risk of unauthorised access to critical systems. One of the key solutions identified was the implementation of a FIDO2 server, an advanced security measure that uses passwordless authentication through biometrics. It uses FIDO2 standards, which guarantee secure and verifiable transaction signing, safeguarding the integrity of essential services linked to NCII.
Securemetric provided its pre-integrated certified FIDO2 Server that comes with end-to-end solutions including user registration and management, user authentication and transaction signing.
User Authentication replaces weak passwords with robust hardware-based authentication using public key cryptography to defend against phishing, session hijacking, man-in-the-middle, and malware attacks, and ensures that no secrets are shared between services and users. It also supports major browsers such as Chrome, IE, Firefox, and Safari, and integrates via Web API and SAML 2.0 (SSO).
On the other hand, the Transaction Signing solution creates a unique signature for each transaction, preserving data integrity and ensuring authenticity. This approach renders any changes made to a transaction after it has been electronically signed detectable, allowing government agencies and their users to verify the authenticity and integrity of high-risk transactions, thereby reducing online transaction fraud.
The NCII sectors benefiting from the secure, passwordless authentication provided by the FIDO2 protocol, which includes biometric-enabled security, span across National Defence & Security, Banking & Finance, Information & Communications, Energy, Transportation, Water, Health Services, Government, Emergency Services and Food & Agriculture.