What can we learn from computer incident response teams in Africa?

[Updated 03/14/2022] Computer Incident Response Teams (CERT) are units of experts whose mandate is to provide assistance to individuals or institutions that are the subject of cyberattacks. These teams are primarily responsible for identifying hostile malware and preventing its spread throughout the network while mitigating the consequences of the attack. These teams often work within private companies or public institutions, but they may also have national status as government agencies specifically tasked with providing assistance to a wide range of private entities. and public.

The priority tasks of a CERT (Computer Emergency Response Team) are as follows:

  • centralization of assistance requests following security incidents (attacks) on networks and information systems: reception of requests, analysis of symptoms and possible correlation of incidents;
  • processing of alerts and reaction to computer attacks: technical analysis, exchange of information with other CERTs, contribution to specific technical studies;
  • establishment and maintenance of a vulnerability database;
  • prevention by disseminating information on the precautions to be taken to minimize the risks of incidents or at worst their consequences;
  • possible coordination with other entities (outside the area of action): network competence centers, Internet access operators and providers, national and international CERTs.

It is also common to use the acronym CSIRT, standing for Computer Security Incident Response Team.

ITU in its missions works with several Member States in Africa to build capacity at national and regional levels and help create or strengthen national cyber incident response teams. Also, to respond adequately and effectively to cyberattacks, several private sector entities have not remained without action.


Here is a list of IT incident response teams in the Africa region:

1. South Africa

2. Algeria

3. Angola 

  • Being created within the Information Society Development Institute (INFOSI)

4. Benin

5. Botswana

6. Gabon

  • Currently being created within the National Agency for Digital Infrastructures and Frequencies (ANINF)

7. Gambia

8. Ghana

9. Guinea

  • Currently being created within ANSSI-Guinea

10. Guinea-Bissau

  • No

11. Equatorial Guinea

  • No

12. Kenya

13. Burkina Faso

14. Lesotho

  • No

15. Burundi

  • Being created with the help of the International Telecommunications Union (ITU)

16. Libya

17. Cameroon

18. Cap Vert

  • No

19. Central African Republic

  • No

20. Comoros

  • No

21. Congo

  • No

22. Congo (DRC)

  • No

23. Ivory Coast

24. Djibouti

  • Being created within the Information Systems Security Directorate (DSSI) of the National Agency for State Information Systems (ANSIE)

25. Egypt

26. Eritrea

  • No

27. Eswatini (Swaziland)

  • No

28. Ethiopia

29. Liberia

  • No

30. Madagascar

  • No

31. Malawi

32. They had

  • No

33. Maurice

34. Mauritania

  • No

35. Mozambique

36. Morocco

 

36. Namibia

  • No

37. Niger

  • No

38. Nigeria

39. Uganda

40. Rwanda

41. Sao Tome et Principe

  • No

42. Senegal

  • Currently being created within ADIE

43. Seychelles

  • No

44. Sierra Leone

  • No

45. Somalia

46. Sudan

  • SudanCERT (National Telecommunication Corporation)

47. South Sudan

  • No

48. Tanzania

49. Chad

  • Being created with the help of the International Telecommunications Union (ITU) within the National Agency for Computer Security and Electronic Certification (ANSICE)

50. Togo

51. Tunisia

52. Zambia

53. Zimbabwe

  • No

Sources: International Telecommunications Union (ITU), World Bank, AfricaCERT, FIRST

 

Additionally, it is important to highlight the role that AfricaCERT ( https://www.africacert.org/ ) plays in the CERT ecosystem in Africa. It is a non-profit organization founded to provide leadership in issues related to cybersecurity in Africa. AfricaCERT helps strengthen cybersecurity preparedness in the African Internet ecosystem. The objectives of AfricaCERT are to support African countries in establishing and operating Information Security and Incident Response Teams (CSIRTs) by providing expertise and guidance for the formulation of initiatives, programs and projects related to the launch of CSIRT in African countries and to encourage and support cooperation between teams in the African Internet Services region.

Finally, we can remember that:

  • 21 countries do not yet have an IT incident response team
  • 05 countries have an ongoing project for the establishment of a CERT
  • 24 countries have at least one operational CERT
  • 31 IT incident response teams in Africa

 

Malick K. ALASSANE,
IT Security Analyst