What can we learn from computer incident response teams in Africa?
[Updated 03/14/2022] Computer Incident Response Teams (CERT) are units of experts whose mandate is to provide assistance to individuals or institutions that are the subject of cyberattacks. These teams are primarily responsible for identifying hostile malware and preventing its spread throughout the network while mitigating the consequences of the attack. These teams often work within private companies or public institutions, but they may also have national status as government agencies specifically tasked with providing assistance to a wide range of private entities. and public.
The priority tasks of a CERT (Computer Emergency Response Team) are as follows:
- centralization of assistance requests following security incidents (attacks) on networks and information systems: reception of requests, analysis of symptoms and possible correlation of incidents;
- processing of alerts and reaction to computer attacks: technical analysis, exchange of information with other CERTs, contribution to specific technical studies;
- establishment and maintenance of a vulnerability database;
- prevention by disseminating information on the precautions to be taken to minimize the risks of incidents or at worst their consequences;
- possible coordination with other entities (outside the area of action): network competence centers, Internet access operators and providers, national and international CERTs.
It is also common to use the acronym CSIRT, standing for Computer Security Incident Response Team.
ITU in its missions works with several Member States in Africa to build capacity at national and regional levels and help create or strengthen national cyber incident response teams. Also, to respond adequately and effectively to cyberattacks, several private sector entities have not remained without action.
Here is a list of IT incident response teams in the Africa region:
1. South Africa
- National Team: https://www.cybersecurityhub.gov.za
- The South African National Research Network : https://csirt.sanren.ac.za/
- UCT CSIRT - University of Cape Town : https://csirt.uct.ac.za/
- ECS-CSIRT - Electronic Communications Security (State Security Agency)
- SBG CSIRT - Standard Bank Group CSIRT
2. Algeria
- DZ-CERT: http://www.cerist.dz
3. Angola
- Being created within the Information Society Development Institute (INFOSI)
4. Benin
- bjCSIRT (ANSSI-Benin): https://csirt.gouv.bj
- UNB-CSIRT - https://csirt.etudiant.bj
5. Botswana
- BW CERT – https://www.cirt.org.bw
6. Gabon
- Currently being created within the National Agency for Digital Infrastructures and Frequencies (ANINF)
7. Gambia
- The Gambia Computer Security & Incident Response Team – https://gmcsirt.gm/
8. Ghana
- National Team: CERT-GH : https://www.cert-gh.org
- National Communication Authority : https://nca-cert.org.gh
9. Guinea
- Currently being created within ANSSI-Guinea
10. Guinea-Bissau
- No
11. Equatorial Guinea
- No
12. Kenya
- National KE-CIRT / CC (The Communications Authority of Kenya) : http://www.ca.go.ke ou http://www.ke-cirt.go.ke/
- ICIRT Tespok : https://www.tespok.co.ke /
- KENET-CERT : https://cert.kenet.or.ke/
13. Burkina Faso
- CIRT.BF : http://www.cirt.bf
14. Lesotho
- No
15. Burundi
- Being created with the help of the International Telecommunications Union (ITU)
16. Libya
- LibyaCERT: https://nissa.gov.ly
17. Cameroon
- CIRT (Agence nationale des TIC – ANTIC): http://www.cirt.cm
18. Cap Vert
- No
19. Central African Republic
- No
20. Comoros
- No
21. Congo
- No
22. Congo (DRC)
- No
23. Ivory Coast
- CI-CERT: http://www.cicert.ci
24. Djibouti
- Being created within the Information Systems Security Directorate (DSSI) of the National Agency for State Information Systems (ANSIE)
25. Egypt
- EG-CERT (National Telecom Regulatory Authority – NTRA) : http://www.egcert.eg/
26. Eritrea
- No
27. Eswatini (Swaziland)
- No
28. Ethiopia
- Ethio-CERT (Information Network Security Agency) : http://ethiocert.insa.gov.et
29. Liberia
- No
30. Madagascar
- No
31. Malawi
- Malawi Computer Emergency Response Team – https://mwcert.mw
32. They had
- No
33. Maurice
- CERT-MU (National Computer Board) : http://www.cert-mu.org.mu
34. Mauritania
- No
35. Mozambique
- Mozambique Research and Education Network, MoRENet : https://cert.morenet.ac.mz/
- National Team – CSIRT.GOV – https://csirt.gov.mz/
36. Morocco
- EDU-CERT – http://www.educert.ma/
- maCERT (Government) – http://www.dgssi.gov.ma/macert.html
36. Namibia
- No
37. Niger
- No
38. Nigeria
- National Team – ngCERT : http://www.cert.gov.ng
- CERRTng (Office of National Security Adviser - ONSA) : http://www.cerrt.ng
39. Uganda
- National Team :(CERT.UG) : https://cert.ug
- Uganda Communications Commission (UgCERT) : https://www.ug-cert.ug
40. Rwanda
- RW-CSIRT : http://www.rw-csirt.rw/eng
41. Sao Tome et Principe
- No
42. Senegal
- Currently being created within ADIE
43. Seychelles
- No
44. Sierra Leone
- No
45. Somalia
- SOMCERT – https://somcert.gov.so/
46. Sudan
- SudanCERT (National Telecommunication Corporation)
47. South Sudan
- No
48. Tanzania
- TZ-CERT (Tanzania Communications Regulatory Authority) : http://www.tzcert.go.tz
49. Chad
- Being created with the help of the International Telecommunications Union (ITU) within the National Agency for Computer Security and Electronic Certification (ANSICE)
50. Togo
- CERT.TG : https://cert.tg/en/cert-en/
51. Tunisia
- tunCERT : https://tuncert.ansi.tn
- CSIRT.TN (Private) : https://csirt.tn/
- Tunisian Financial CERT – https://www.financialcert.tn/
52. Zambia
- ZmCIRT (Zambia Information and Communication Technology Authority) : http://www.cirt.zm
53. Zimbabwe
- No
Sources: International Telecommunications Union (ITU), World Bank, AfricaCERT, FIRST
Additionally, it is important to highlight the role that AfricaCERT ( https://www.africacert.org/ ) plays in the CERT ecosystem in Africa. It is a non-profit organization founded to provide leadership in issues related to cybersecurity in Africa. AfricaCERT helps strengthen cybersecurity preparedness in the African Internet ecosystem. The objectives of AfricaCERT are to support African countries in establishing and operating Information Security and Incident Response Teams (CSIRTs) by providing expertise and guidance for the formulation of initiatives, programs and projects related to the launch of CSIRT in African countries and to encourage and support cooperation between teams in the African Internet Services region.
Finally, we can remember that:
- 21 countries do not yet have an IT incident response team
- 05 countries have an ongoing project for the establishment of a CERT
- 24 countries have at least one operational CERT
- 31 IT incident response teams in Africa
Malick K. ALASSANE,
IT Security Analyst