[Bp_certs] About types of CERTs

Jean Robert Hountomey jrhountomey at gmail.com
Wed Jul 16 03:07:16 EDT 2014 

I second Christine.

" The most important of all is that these CSIRTs work in cooperation to make the Internet more stable and secure."

We have seen models where people believe that they are competing with one another for the same purpose which should not be the case.
There are also cases where people have tried to operate beyond their authority or have refused to collaborate with other teams.

There are many interesting initiatives of collaboration.

1. One is an Industry CSIRT (http://cyberusalama.co.ke/icsirt.html) setup by Tespok, the Telecom association in Kenya who operates the Kenyan Internet Exchange point.(http://www.tespok.co.ke).

This type of CSIRT Team is very interesting in many points:

-  it is made by the operators and they own the networks; 
-  trust is not an issue, participants at the Internet Exchange point have already a trusted relationship and a long history of collaboration;
- providing proactive services to help prepare, protect, and secure  the infrastructures are easily possible,
- collecting metrics, data in anticipation of attacks, problems, or events is not difficult;
- It allows to improve the overall security of the Internet Ecosystem in the country, region; 
- with mobile operators connected it helps understand new threats targeting mobiles,
- all the operators speak the same voice and can be joined through the same contact point
- it reduces cost as the operating costs are shared by all the participants for the good of every body,

For more information

"TESPOK iCSIRT is the Industry Computer Security and Incident Response Team (iCSIRT) for Tespok. Our mission is to safeguard the current and 
future network security of Tespok  and of our members, creating a secure environment to conduct your online activities. .....
We work closely with our community to detect, report and investigate incidents that pose a threat to the security of our members'
information systems. We also investigate other forms of network abuse such as spam and copyright infringement.

2. Another interesting CSIRT is CSIRT made by Financial Institutions. An interesting model to look at has started is in Sri Lanka 
(http://www.bankcsirt.lk) as " a specialized service unit that is responsible for receiving, reviewing, processing
and responding to  computer security alerts and incidents affecting the Banks and other Licensed Financial Institutions in the country".
The interesting part is that Banks have already the habit to collaborate through established procedures via a common payment platform,
so trust, collaboration and information sharing is easily doable...

Thanks a lot.

Best Regards.

Jean Robert Hountomey. 





On 7/15/14, 6:36 PM, Cristine Hoepers wrote:
> Dear all,
>
> First of all, thanks for the interest in the IGF CERTs BPF!
>
> I would like to share some thoughts, considering discussions I
> participated in previous IGF and pre-IGF events, and the discussion
> that took place in the mailing list a few days ago, about CSIRTs with
> national responsibility (in short "National CSIRTs" or "National
> CERTs"), which has also brought a little bit of discussion about other
> types of CSIRTs.
>
> There is no right or wrong about who hosts a National CSIRT, or which
> services it should provide.  From experience, each country will need
> to identify what works best in its case, as well as consider other
> issues like services, funding, local internet governance structure and
> cultural issues, among other factors that might impact the decision.
>
> Also, several countries have more than one National CSIRT, and the
> number is growing each year.  In the last National CSIRTs meeting,
> about 2 weeks ago, there was a very interesting discussion about the
> future of National CSIRTs and their role.  In this panel there was an
> agreement that National CSIRTs are teams whose constituency are
> networks/organizations/assets of National importance, and that the
> number of such teams tend to increase.
>
> I would like to share some examples of National CSIRTs that are
> operated by different stakeholders -- note that the focus of the
> information is to give examples of different hosting organization, not
> the constituency served by each team:
>
> - CERT.br - is operated by NIC.br, a not for profit organization that
>   implements the decisions and projects defined by the Brazilin
>   Internet Steering Committee - CGI.br.  And CGI.br is the
>   multi-stakeholder internet governance body in Brazil.  All funding
>   comes from <.br> domain name registration.
>
> - CERT.PL (previously CERT Polska) - is operated by NASK (Research and
>   Academic Computer Network), a research institute which conducts
>   scientific studies, operates the national .pl domain registry and
>   provides advanced IT services.
>
> - JPCERT/CC - is an independent non-profit organization.
>
> - CARICERT - is sponsered by the Curaçao Bureau Telecommunication and
>   Post (BT&P).
>
> - Egyptian CERT - is operated by the Ministry of Communications and
>   Information Technology.
>
> - CERT-EE - operated by the Estonian Information System Authority
>   (RIA), a subdivision of the Estonian Ministry of Economic Affairs
>   and Communications.
>
> A more complete list of CSIRTs that have responsibility for an economy
> or a country can be found here:
> http://cert.org/incident-management/national-csirts/national-csirts.cfm
>
> I'll not get this e-mail even longer, but there are CSIRTs in many
> different organizations, with different missions and services.  The
> most important of all is that these CSIRTs work in cooperation to make
> the Internet more stable and secure.  A list of teams that are members
> of FIRST (the Forum of Incident Response and Security Teams) can be
> found here: http://first.org/members/teams
>
> I personally think the work of the CERT BPF is a great opportunity for
> us all to share experiences, best practices, questions, case studies,
> but most of all it is a great opportunity for us to identify
> challenges and try to find a way to start answering the open
> questions.
>
>
> Best regards,
> Cristine
>
> --
> Cristine Hoepers, D.Sc.
> General Manager
> CERT.br/NIC.br
> http://www.cert.br/
>
> _______________________________________________
> Bp_certs mailing list
> Bp_certs at intgovforum.org
> http://mail.intgovforum.org/mailman/listinfo/bp_certs_intgovforum.org

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://intgovforum.org/pipermail/bp_certs_intgovforum.org/attachments/20140716/afbe12b8/attachment.htm>

More information about the Bp_certs mailing list