In a bid to efficiently fulfil its mission of security watch, ANTIC has set up a Computer Incident Response Team (CIRT) that carries out three main activities: prevention, detection and response.
With regard to preventive actions, CIRT:
- Carries out vulnerability scans which allow the detection of vulnerabilities inherent in information systems before they get exploited by cybercriminals;
- Collects security alerts from cyber security solution providers and software vendors, generates customised bulletins from the collected alerts with a view to addressing security concerns peculiar to state and private institutions. The bulletins are then made available to focal points of these institutions who are charged with the implementation of the recommended corrective measures;
- Develops security reference documents;
- Raises public awareness on cyber security.
On detection, CIRT conducts real time monitoring of critical infrastructure within the Cameroonian cyberspace with the aid of appropriate technical tools that allow for the detection of potential attacks and intrusions, with a view to providing prompt and efficient response.
Its response actions entail gathering and analysing digital evidence which allows for the identification and geolocalisation of cybercriminals within the framework of cybercrime investigations. Response activities also involve processing incidents recorded as well as collaborating with other CIRTs and international cybersecurity organisations such as INTERPOL and AfricaCERT.
What is security intelligence?
Security intelligence is a continuous process which ensures that a system is kept up to date with the latest security patches and that the said system is kept under surveillance with a view to detecting, in real time, attempted intrusion attacks, for the provision of a prompt and effective response.
Which legal framework governs this activity?
Law No 2010/012 of 21 December 2010, in Article 7, states that ANTIC should carry out technology watch and issue alerts and recommendations regarding the security of electronic communications networks and certification.
How does ANTIC ensure its mission of security intelligence?
To fulfil its security intelligence mission, ANTIC has established a Computer Incident Response Team (CIRT), which has two main responsibilities:
- Prevention: CIRT is responsible for taking steps to prevent cyber-attacks;
- Incident Response: In case of an attack or incident, CIRT promptly intervenes to clear the attack and identify the attacker.
What are the main functions of CIRT?
The main functions of CIRT are as follows:
1. Surveillance of critical national cyberspace infrastructure and prompt response to incidents
CIRT identifies sensitive national cyberspace infrastructure and installs special technical devices that permit it to be notified in real-time in case of an incident. Once notified, CIRT provides an effective prompt response which consists of blocking the attack, correcting the vulnerability exploited, identifying and locating the attacker.
2. Issuance of security alerts and bulletins
In order to prevent cyber-attacks, CIRT regularly issues security alerts and bulletins about vulnerabilities inherent in some systems and software as well as recommendations to correct them. These security bulletins are intended for IT officials and the general public who must implement the formulated recommendations in order to protect their systems.
3. Cybersecurity awareness
The disturbing factor in the evolution of cybercriminality is that Internet users are not sufficiently aware of the subject. As such, CIRT is striving to raise cybersecurity awareness among users and IT officials. This awareness is done through the publication of Internet safety guides (for parents, children, and enterprises), brochures and magazines, radio and television programmes as well as the organisation of seminars and forums.
4. Assistance to users and companies in dealing with security incidents
Moreover, it should be noted that according to Article 7 of Decree No 2012/1643/PM, any private or public agency is required to notify ANTIC about any computer security incident affecting its network.
5. Development of a reference framework for the security of information systems
In order to avoid disorganised management of information systems’ security, it is imperative to set standards. These standards define the organisational and technical measures to be taken to ensure the security of information systems. They are intended for enterprises, administrations and even consumers.
So far, CIRT has developed a set of standards including the security policy of public administrations, the guide to secure websites, the standard architecture of public administrative information systems.
6. Investigations related to cybercriminality
Laws No 2010/012 and 2010/013 of 21 December 2010 have filled the legal vacuum that existed in the area of cybercriminality. Therefore, cybercriminals can now be subjected to criminal prosecution and penalties.
Within the framework of investigations related to cybercrime, law enforcement and judicial authorities may seek technical expertise from CIRT, including the acquisition and analysis of digital evidence. The collaboration between CIRT and law enforcement authorities is prescribed by Article 52 of Law No 2010/012.
7. Gathering of cybercriminality statistics
To follow up on the evolution of cybercriminality in Cameroon, CIRT has developed a system of managing statistics related to cybercriminality. With this system, CIRT categorises cybercrimes perpetrated in Cameroon in terms of type and geographic location, and can follow their evolution over time. This provides CIRT with sufficient data to elaborate adequate strategies for the fight against cybercriminality.
8. Collaboration with other CIRTs
Cybercriminality is a cross-border phenomenon and as such Cameroon’s CIRT must work with CIRTs of other countries and other international organisations dealing with cybersecurity issues. It is for this reason that CIRT works with organisations such as IMPACT, INTERPOL and AFRICACERT.