«

»

Dec 07 2011

Print this Post

The value of a Computer Emergency Response Team

Although many organisations have established computer security protocols to deal with possible cyber threats and breaches, they could still benefit considerably from the support provided by to a Computer Emergency Response Team (CERT). This post discusses what a CERT is, and some of the benefits of having that resource, especially in the Caribbean.

In today’s society, the value of information is growing at exponential rates. As a result, organisations and even countries are under  considerable pressure to constantly improve their protective mechanisms should any security threats arise. Generally, but particularly in the Caribbean, network security tends to be addressed in isolation – individual organisations implement their own systems. There is also little information sharing, and few (if any) established linkages within the industry to disseminate critical information should a grave security threat or incident affect one or more organisation.

A Computer Emergency Response Team (CERT), which is also known as a Computer Security Incident Response Team (CSIRT), is an organisation comprising experts that handle computer security incidents. It is usually established to monitor and manage threats, either for select organisations, or throughout entire countries. The scope of a CERT can be quite broad, but at the core, most are designed or established to

…ensure that appropriate technology and system management practices are used to resist attacks on networks and to limit damage and ensure continuity of critical services in spite if attacks, accidents or failures… (CERT)

Typically, their primary functions include responding to computer security incidents; reporting on vulnerabilities; and promoting effective IT security practices.

Why are CERTs necessary?

Many countries and regions around the world have established a CERT, but in the Caribbean there are very few. Among the islands, the exceptions are the Bahamas and the Dominican Republic. Several international agencies, especially those that have an interest in cyber security, have been strongly advocating that CERTs be established throughout the region. While the countries might be amenable, the units have yet to be implemented. Nevertheless, there are a number of important benefits to be realised, some of which are outlined below.

1. To provide expert information and support. Although new security tools are constantly being developed, there can be some complacency among network managers if their organisations have firewalls and if the antivirus software is up to date. However, numerous other threats and incidents can still occur, such as those based on hacking and denial of service attacks, which exploit weaknesses in hardware and software solutions. Hence organisations could benefit from having access to the expertise and support that a CERT can provide, which ultimately could result in significant cost savings through avoided incidents and reduced downtime when they occur.

2. To supplement internal security plans. Organisations with elaborate computer networks and/or high data protection requirements usually have comprehensive security plans and schemes. However, computer/infrastructure threats are on the rise, and the criminals behind them are also increasing and becoming more sophisticated. Hence those plans and schemes are often not as dynamic as they need to be to address new and developing situations. A CERT could advise on current and imminent threats, and provide guidance on addressing specific occurrences.

3. Cyber-security systems are lacking in the Caribbean. In the region, there is a general sense that due to our small size, we are somehow not being targeted for cybercrime. However, this is not the case. As reported in our post, Where is Internet Governance going in the Caribbean region?, one of the presenters, Gregory Richardson of 1337 Networks Inc. stated that:

  • hacktivists recently breached the websites of several Chambers of Commerce within the region
  • almost all banks in the region have been hacked, and many of them more than once
  • a major Caribbean airline has been hacked.

More importantly, it is likely that a significant number of Caribbean organisations have been breached, but are not yet aware of this.

4. It is a critical consideration to certain investors. Across the Caribbean, all countries depend on foreign direct investment for the continued viability of their economies.  As a result, considerable time and effort are spent courting investors across a broad range of industries, particularly the services sector. Depending on the service, especially those that deal with large volumes of information that must be managed and protected, those companies/investors are reluctant to establish operations within the region due to absence of a CERT. A CERT provides some assurance to investors, and is perceived as strengthening existing cyber-security and data protection frameworks.

Final remarks

In recent years, there has been an increasing awareness of the need for cyber security and data protection mechanisms within the Caribbean region, and most countries have already implemented much needed policy and legislation. Although the legal framework might offer avenues for redress, it is vital for organisations to have access to much needed expertise and support.

CERTs are essential components in any cyber or data protection machinery, and their absence is a grave deficiency across the Caribbean. Although lack of funds is often the reason given for our inaction, our complacency might also be compounded by the fact that we do not fully appreciate the breath and depth of the security breaches that are currently being experienced in our own individual countries and across the region.

Image courtesy of Flickr, Pitel

___________

About the author

Michele Marius

Michele Marius has a wealth of experience in the telecoms and ICT space, which has been gained in the Caribbean, Southeast Asia and the South Pacific, and in the public and private sectors. She is the Editor and Publisher of ICT Pulse.

Permanent link to this article: http://www.ict-pulse.com/2011/12/the-value-of-a-computer-emergency-response-team/

4 comments

1 ping

Skip to comment form

  1. Jen Lacey

    Well said

    1. Michele Marius

      Thanks Jen!

  2. Hallam Hope

    According to a report carried by ICT-Pulse CARICOM officials are proposing a minimum of two megabites as a broadband target for the region. If this is correct my question is how far should we set the bar given that developed countries are aiming for as high as 100 megabites.

    1. Michele Marius

      Hi Hallam,

      This comment seems a bit strange under a post on CERTs. Nevertheless to answer your question, I do agree with you.

      Based on our most recent snapshot of Internet speed and spend across the region (November 2011), all English speaking Caribbean countries already offer Internet packages of 2Mbps. For many, the minimum advertised speed is 1Mbps, many top out at about 8Mbps. Hence having a minimum broadband speed of 2Mbps across the Caribbean is more than achievable.

      CARICOM could have been more ambitious and prepared to advocate either a higher minimum broadband speed (i.e. greater than 2Mbps), and/or an increase in the highest advertised download speeds across the region, especially for those that still hover around 4-8Mbps.

  1. A look back on 2011… | ICT Pulse

    […] to security threats. We are not as aware as we should be, which is compounded by the absence of Computer Emergency Response Teams in most […]

Comments have been disabled.