Infosecurity

Govt will not fight cyber security war alone

The internet has transformed the way many advanced societies work, live and play. It has not only created new industries but also transformed the way traditional industries are operated. Along with the Internet’s phenomenal growth and success has been a growth in computer-related crimes.

The range of criminal activity that the internet supports is vast, ranging from commercial and consumer threats to national security and public safety threats.

In response to this growing threat, many organisations and national governments have recognised the need to take proactive measures against internet threats as well as develop programs to mitigate such threats through timely and effective response.

One such effort resulted in the establishment of the Computer Emergency Response Team (CERT) Coordination Center by DARPA in November 1988 after the Morris worm struck [1]. Since then, CERT has become a major coordination center in dealing with internet security problems and many countries have established similar organisations.

A CERT, also known as a Computer Security Incident Response Team (CSIRT), is a team that responds to computer security incidents by providing the services necessary to mitigate them or support their resolution, and takes proactive action to prevent computer security incidents within its constituency or area of responsibility.

The benefit of establishing a CSIRT is that it serves as a central coordination point for ICT-security incident response for a particular organization or country. It is also important to note that a CERT's use of the information gained during an incident results in better handling of future incidents through the exchange of the newfound knowledge with other CSIRTs.

Some CSIRTs are also responsible for monitoring, detecting and mitigating acts of criminals and internet abuse and threats to national and key industry ICT infrastructure.

Such threats are not new. We have witnessed Denial-of-Service attacks against large corporations and government agencies, such as the cyber attacks on Estonia and Georgia.

Internationally, the Forum of Incident Response Security Teams (FIRST) comprises over 200 CSIRTs representing national governments as well as corporations. In Asia-Pacific, the APCERT provides a forum for 15 national CSIRTs in Asia and the Pacific to meet and collaborate.

As part of the collaboration, partnerships between public entities and private industry play an important role in helping protect national critical IT infrastructures. Such collaboration can provide an effective means to make available the information necessary for national CSIRTs to better respond to computer security incidents and help protect public safety.

Microsoft recognizes the unique role governments play in responding to computer security incidents and protecting their constituencies. The Security Cooperation Program (SCP) is a global initiative from Microsoft that enables Microsoft and governments to share information that can help governments respond more efficiently and effectively to computer security incidents and minimize the impact of attacks on the IT infrastructure.

Accordingly, the SCP includes an agreement to share critical information in the event of computer security emergencies. Microsoft provides a 24/7 hotline for SCP participants and works with participants to define a process for disseminating information in the event of a critical incident or emergency.

The SCP also offers opportunities for information sharing with staff at Microsoft Corporate Headquarters in Redmond, Washington. The two-day visit to Microsoft is an opportunity for government participants to interact directly with Microsoft staff by meeting with product development and support teams, as well as Microsoft leadership, face-to-face. Discussions typically focus on current and future security of Microsoft products and how Microsoft responds to security incidents.

Microsoft will also assist SCP participants at their request with consumer education and outreach activities. Microsoft experts will be available upon reasonable notice to speak at consumer education and outreach activities. Microsoft can also make available materials that may be valuable for any consumer education and outreach activities.

Eligible participants include government agencies and ministries at the national level, and government-supported organizations such as CERTs and CSIRTs. Most recently, the SCP has been expanded to include academic institutions and non-governmental agencies to ensure that the entire security ecosystem has the ability to ensure online safety.


CSIRT Models
There are a number of models employed in the development and operations of a CSIRT:

  • Security Team CSIRT: In this model, incident handling tasks are conducted by system and network administrators. It may include some security systems specialists. However, this is not a typical CSIRT model as there is no centralized organization that is given responsibility for handling computer security incidents.

  • Distributed CSIRT: The team comprises a designated CSIRT manager, who is responsible for reporting and overall management, and team members who are specialists specifically assigned from other parts of the enterprise/agency.

  • Centralized CSIRT: A centrally located team controls and supports the organization. The CSIRT has overall responsibility for all security incident reporting, analysis and response and generally does not handle other jobs.

  • Combined CSIRT: This is where a centralized CSIRT cannot control and support the entire nation or organization. Some CSIRT members are distributed among the nation/organization’s agencies/branches to provide support within their geographical areas. High-level data analysis, recovery methods and mitigation strategies continue to be performed by the centralized team.


Development and Operation of a CSIRT
There are five stages in the development of a CSIRT. These are:

  • Awareness Stage: This stage is where stakeholders develop an understanding of what is involved in establishing the CSIRT. This includes business drivers, requirements, resources, laws and regulations, funding, technology and response plans, and interdependencies across industry sectors.

  • Planning Stage: This stage involves planning the CSIRT based on the knowledge and information gained during Stage 1. Precise details are determined and applied to the plan.

  • Implementation Stage: This stage involves the implementation team using the information and plan from the earlier stages to implement the CSIRT. This will include publicly announcing the creation of the CSIRT, formalizing coordination and communication with stakeholders, hiring and training for the CSIRT team, and developing the operation and process for the CSIRT team.

  • Operations Stage: At the operations stage, the CSIRT actively performs and provides the services. It is important to also evaluate the operational efficiency and capability against the targets set during the planning stage to ensure that they are met. If they are not, improvements should be made based on the results of the evaluation. The CSIRT should also continue to refine the CSIRT operation and process, as well as training for the CSIRT team, to keep them current.

  • Collaboration Stage: It is important that CSIRTs develop trusted relationships with other CSIRTs, both within the country and globally, as well as with organizations with which they have interdependencies. This will include participating in international and regional CSIRT forums to share information and support the development of regional and international standards and best practices for CSIRT operation and process.

    For more information on the Microsoft Security Cooperation Program, please contact Jeff Paine at jpaine@microsoft.com or contact your local Microsoft office.


  • APRIL 2009 ISSUE

    Subscribe to the printed version of Asian Security Review
