04/04/2017

SEI CERT Division and State Department Team Up on Sub-Saharan Cybersecurity Effort

April 4, 2017—The SEI recently concluded the latest phase of a multi-year engagement to advance and develop cybersecurity capacity at the Côte d’Ivoire national computer security incident response team (CI-CERT). The engagement, which began in January 2015, was organized by the United States Department of State Office of the Coordinator for Cyber Issues (S/CCI), which advances U.S. interests in cyberspace and promotes an open, interoperable, secure, and reliable information and communications infrastructure. The engagement was part of a larger S/CCI effort to develop cybersecurity capacity in Sub-Saharan Africa.

“CI-CERT was seeking to expand its role in securing networks in Côte d’Ivoire,” explained James Lord, who leads the SEI CERT Division’s International Cybersecurity Initiatives (ICI) team. “A more capable CI-CERT aligns with S/CCI goals by helping to ensure a secure cyberspace worldwide.”

In support of the objectives of CI-CERT and S/CCI, the SEI CERT Division sent a team to Abidjan, Côte d’Ivoire, to conduct a five-day advanced incident-handling workshop. The SEI team comprised members of ICI and the Computer Security Incident Response Team (CSIRT) Development and Training team. Tracy Bills, Lord, and Justin Novak represented ICI, and Mark Zajicek represented the CSIRT Development and Training team.

The purpose of the workshop was to expose CI-CERT analysts to skills in the areas of artifact analysis, log analysis, and vulnerability handling, all of which are needed to address advanced incidents such as distributed denial of service attacks and rootkits. SEI personnel lectured on a variety of incident-handling topics and led practical exercises that gave participants an opportunity to practice skills learned in the lectures. In addition to CI-CERT staff, participants included representatives of the Telecommunications and ICT Regulatory Authority of Côte d’Ivoire (ARTCI). Incident handlers from Côte d’Ivoire telecommunications companies also participated. ARTCI provided translation services for both students and instructors.

“The students were very engaged,” said Zajicek. “They frequently asked well-informed and topical questions, not only during the lectures and exercises, but even during the breaks.”

The workshop followed a two-year period in which the SEI and S/CCI worked to integrate CI-CERT with the international CSIRT community. “We first met with representatives of CI-CERT at an event in Tunisia in May of 2015,” said Lord. “With the help of S/CCI, we arranged for CI-CERT to attend the CERT Division’s National CSIRT meeting in Berlin, Germany in June of that year.”

Following those initial meetings, the ICI, along with representatives of S/CCI, visited Côte d’Ivoire in April 2016 to conduct a site assessment and other tasks related to CI-CERT’s bid to become an official member of the Forum of Incident Response and Security Teams (FIRST). CI-CERT’s application was approved by the FIRST Board in September 2016.

Throughout this engagement, the SEI has worked with CI-CERT and ARTCI on additional cybersecurity capacity development efforts, such as services, constituency engagement, and training workshops. This work resulted in an action plan for CI-CERT that was approved by S/CCI. Future work might include additional training on specific topics relevant to CI-CERT and partnership building with other national CSIRTs.

To learn more about the SEI CERT Division’s work with national CSIRTs, visit http://cert.org/incident-management/national-csirts/.