Home > MyVAC

NATIONAL VULNERABILITY ASSESSMENT CENTER, MyVAC

National Vulnerability Assessment Center or MyVAC is a unit of Security Assurance department within CyberSecurity Malaysia. The center is funded by the Ninth Malaysian Plan (9MP) under the project of "Vulnerability Assessment for Information System and Technology".

The establishment of MyVAC's program is also aligned with National Cyber Security Policy (NCSP) implementation, under Thrust 3: Technology Framework.

MyVAC aims to improve the security posture of the Critical National Information Infrastructure (CNII) sectors through actual assessment or evaluation and to improve the nation's ability in mitigating cyber threats and exploitation due to information systems and technology vulnerabilities.

The implementation of this centre will also emphasize on the development of the critical technology lab and infrastructure and security expertise in the area of control systems and web-applications, wireless, mobile and TEMPEST technologies.

STRATEGIC OBJECTIVES

The strategic objectives are :

  • To develop a comprehensive cyber security program as national priority that provides mitigation strategies to prevent the exploitation of critical information system and technology vulnerabilities.

  • To reduce vulnerabilities and security threats by providing significant vulnerability assessment and measures.

  • To develop the cyber security capacity and capability required primarily to ensure that the information systems and technologies can be used safely or implemented securely within the Critical National Information Infrastructure (CNII).

  • To promote the awareness and educate the CNII stakeholders and owners of the real vulnerabilities and possible attacks to their critical infrastructures.

  • To build the partnership among the critical industries, CNII owners and stakeholders, government and researchers to contribute planning, developing and disseminating security solutions.

OUR SERVICES

MyVAC provides the following services in ensuring the national protection, including :

1. VULNERABILITY ASSESSMENT LABORATORY

MyVAC has emphasized the development of vulnerability assessment laboratory for critical information systems and technologies.

In the laboratory (test bed), MyVAC analysts conduct the assessment, identify the common and potential vulnerabilities and correspond with mitigation approaches.

Among the laboratories are :

  • Network and Mobile Security that include Wireless LAN, 3G and TEMPEST (Telecommunications Electronics Material Protected from Emanating Spurious Transmissions)
  • Critical Information Systems that include Control Systems and Web-Applications

2. CYBER SECURITY BASELINES

Based on the vulnerability assessment work in the respective laboratories, MyVAC provides the technical assistance documentation in assisting the relevant CNII sectors.

3. VULNERABILITY ASSESSMENT SERVICES

MyVAC provides the cyber security assessment advisory by offering the vulnerability assessment "on-site" and "off-site" for the relevant CNII sectors.

  • In the On-Site service, MyVAC reviews the relevant CNII's Audit Report and acknowledges additional cyber security recommendations.
  • In the Off-Site service, MyVAC provides the relevant cyber security assessment report through conducting simulation assessment of current settings/configurations with relevant CNII sectors.

4. CRITICAL NATIONAL INFRASTRUCTURE INFORMATION (CNII) PROGRAM

MyVAC invites the creation of and participation in strategic partnerships to raise cyber security awareness, train personnel, improve security posture and exchange information. Among the platform used are awareness seminar (such as InfoSec.my) and workshop, pilot projects, and coordinate Special Interest Group (SIG).

OUR PROGRAM

MyVAC works to achieve its strategic objectives through the following programs:

1. CONTROL SYSTEMS SECURITY PROGRAM, CSSP

A study on National Cyber Security Policy (NCSP) which was conducted by MOSTI has determined that Control Systems such as Supervisory Control and Data Acquisition (SCADA) and Distributed Control Systems (DCS) are among the critical information systems that require national protection. It is identified that these critical systems are used by our critical infrastructure sectors such as Electricity, Oil & Gas, Water and Waste Treatment, Manufacturing, Chemical, Transportation, to operate their daily services and production for the nation.

The CSSP brings the values in the following projects :

  • SCADA SECURITY TEST LAB IN-PROGRESS
    MyVAC conducts the vulnerability assessment on SCADA/DCS systems deployment to assist the relevant CNII sectors in improving their security posture. The results of the assessment will be shared to the relevant CNII sectors.
  • SCADA/DCS SECURITY BASELINES FUTURE
    The baselines provide the security measures in protecting the implementation of SCADA/DCS security to the relevant CNII sectors.
  • SCADA/DCS PILOT PROJECT IN-PROGRESS
    MyVAC conducts a study on SCADA/DCS security landscape for CNII. This pilot project aims to study the critical asset identification, identify and understand the threats and vulnerabilities of SCADA systems, security controls implementations, and to address the SCADA security capability and competency issues for assuring necessary protections are implemented for the critical infrastructures.
  • SCADA Security Special Interest Group [SCADASECSIG] NEW
    MyVAC provides awareness and facilitate exchange of ideas on the SCADA/DCS security among the SCADA/DCS owners, regulators, developers, vendors and security community.

2. WIRELESS SECURITY PROGRAM

  • WIRELESS LAN SECURITY SERVICE IN-PROGRESS
    "Wardriving" service on Wireless LAN deployment to assist the relevant CNII sectors in improving their security posture. The results of the assessment will be shared to the relevant CNII sectors.
  • WIRELESS LAN SECURITY BASELINES IN-PROGRESS
    The baselines provide the security measures in protecting the implementation of Wireless LAN security to the relevant CNII sectors.

3. NETWORK & MOBILE SECURITY PROGRAM

  • NETWORK & SYSTEM SECURITY SERVICE IN-PROGRESS
    MyVAC offers the review of assessment report to assist the relevant CNII sectors in improving their security posture.
  • 3G SECURITY TEST LAB FUTURE
    MyVAC offers vulnerability assessment on 3G security vulnerabilities in their own lab. The results of the assessment will be shared to the relevant CNII sectors.
  • TEMPEST SECURITY SERVICE FUTURE
    MyVAC offers emanation security assessment to analyze external electromagnetic radiation from data processing equipment and provide the security measures used to prevent them.

4. COLLABORATION PROGRAM

The collaboration program is to encourage the participation of relevant CNII sectors in protecting the national critical assets and infrastructures. MyVAC invites the CNII sectors to meet and discuss with us to be involved in the abovementioned programs.

 
Contact Us | FAQ | Site Map | Disclaimer | Copyright © - CyberSecurity Malaysia