The value of a Computer Emergency Response Team
Although many organisations have established computer security protocols to deal with possible cyber threats and breaches, they could still benefit considerably from the support provided by a Computer Emergency Response Team (CERT). This post discusses what a CERT is, and some of the benefits of having that resource, especially in the Caribbean.
In today’s society, the value of information is growing at exponential rates. As a result, organisations and even countries are under considerable pressure to constantly improve their protective mechanisms should any security threats arise. Generally, but particularly in the Caribbean, network security tends to be addressed in isolation – individual organisations implement their own systems. There is also little information sharing, and few (if any) established linkages within the industry to disseminate critical information should a grave security threat or incident affect one or more organisations.
A Computer Emergency Response Team (CERT), which is also known as a Computer Security Incident Response Team (CSIRT), is an organisation comprising experts that handle computer security incidents. It is usually established to monitor and manage threats, either for select organisations, or throughout entire countries. The scope of a CERT can be quite broad, but at the core, most are designed or established to
…ensure that appropriate technology and system management practices are used to resist attacks on networks and to limit damage and ensure continuity of critical services in spite of attacks, accidents or failures… (CERT)
Typically, their primary functions include responding to computer security incidents; reporting on vulnerabilities; and promoting effective IT security practices.
Why are CERTs necessary?
Many countries and regions around the world have established a CERT, but in the Caribbean there are very few. Among the islands, the exceptions are the Bahamas and the Dominican Republic. Several international agencies, especially those that have an interest in cyber security, have been strongly advocating that CERTs be established throughout the region. While the countries might be amenable, the units have yet to be implemented. Nevertheless, there are a number of important benefits to be realised, some of which are outlined below.
1. To provide expert information and support. Although new security tools are constantly being developed, there can be some complacency among network managers if their organisations have firewalls and if the antivirus software is up to date. However, numerous other threats and incidents can still occur, such as those based on hacking and denial of service attacks, which exploit weaknesses in hardware and software solutions. Hence organisations could benefit from having access to the expertise and support that a CERT can provide, which ultimately could result in significant cost savings through avoided incidents and reduced downtime when they occur.
2. To supplement internal security plans. Organisations with elaborate computer networks and/or high data protection requirements usually have comprehensive security plans and schemes. However, computer/infrastructure threats are on the rise, and the criminals behind them are also increasing in number and becoming more sophisticated. Hence those plans and schemes are often not as dynamic as they need to be to address new and developing situations. A CERT could advise on current and imminent threats, and provide guidance on addressing specific occurrences.
3. Cyber-security systems are lacking in the Caribbean. In the region, there is a general sense that due to our small size, we are somehow not being targeted for cybercrime. However, this is not the case. As reported in our post, Where is Internet Governance going in the Caribbean region?, one of the presenters, Gregory Richardson of 1337 Networks Inc., stated that:
- hacktivists recently breached the websites of several Chambers of Commerce within the region
- almost all banks in the region have been hacked, and many of them more than once
- a major Caribbean airline has been hacked.
More importantly, it is likely that a significant number of Caribbean organisations have been breached, but are not yet aware of this.
4. It is a critical consideration to certain investors. Across the Caribbean, all countries depend on foreign direct investment for the continued viability of their economies. As a result, considerable time and effort are spent courting investors across a broad range of industries, particularly the services sector. Depending on the service, and especially where large volumes of information must be managed and protected, companies/investors are reluctant to establish operations within the region due to the absence of a CERT. A CERT provides some assurance to investors, and is perceived as strengthening existing cyber-security and data protection frameworks.
In recent years, there has been an increasing awareness of the need for cyber security and data protection mechanisms within the Caribbean region, and most countries have already implemented much-needed policy and legislation. Although the legal framework might offer avenues for redress, it is vital for organisations to have access to much-needed expertise and support.
CERTs are essential components in any cyber or data protection machinery, and their absence is a grave deficiency across the Caribbean. Although lack of funds is often the reason given for our inaction, our complacency might also be compounded by the fact that we do not fully appreciate the breadth and depth of the security breaches that are currently being experienced in our own individual countries and across the region.