SA to establish a national computer security incident response team

South Africa is to establish a national computer security incident response team (CSIRT) to prevent, contain and ameliorate cyber attacks and apprehend computer criminals, says CSIR researcher Simon Nare.
The Council for Scientific and Industrial Research`s latest newsletter says Nare recently attended a symposium in the Netherlands to learn how to establish a national CSIRT.
The newsletter says a CSIRT “is a service organisation that is responsible for receiving, reviewing and responding to computer security incident reports and activity”.
Nare says SA will benefit from such a organisation once established. “We [information security experts] will be able to respond to incidents that occur in this country, such as virus outbreaks, hacking and other security matters.
Meanwhile, the State IT Agency (SITA) has opened a new R55 million Network Operating Centre (NOC) at its Centurion headquarters. IT news service ITWeb says the NOC is an integrated system that proactively monitors activities and malicious data coming into the national network or leaving it.
Acting SITA CEO Femke Pienaar says the launch of the NOC, which also incorporates a Security Operating Centre, is the result of 18 months of comprehensive planning.
In addition, the centre will implement efficient incident and malware resolution, service level agreement management, as well as capacity, change and configuration management, across all government departments.
Prior to the recent implementation of a next-generation network (NGN), the Government Common Core Network lacked proactive data monitoring, and incidents would have been passed from section to section.
All security or WAN-related incidents had been handled separately, using a silo approach. WAN staff monitored WAN services and data links only, while security staff only monitored intrusions and violations of security levels.
ITWeb reports R40 million of theR55 million was spent on the software, while R15 million was invested on the actual centre.
“SITA is convinced that the new service will enhance government’s service delivery capacity,” says Pienaar. “When a network incident occurs, the applicable system or tool detects the incident and an automated trouble ticket is sent to the Action Remedy System (ARS).
“The ARS will then, in turn, route the trouble ticket to the applicable group of engineers. After the incident is corrected, a closed trouble ticket will be sent to the ARS. The incident is then closed. The entire process is automated and, essentially, there is no human interference.”
Pienaar added the SITA NOC has the biggest installed video wall in Africa. With its 36x127cm plasma screens, this is a first for the continent, she added.
Navin Singh, GM of Converged Communications Services, the vendor that built the NOC, says the centre is “an aggregation of all the systems coming together into one unified management platform that you can pre-empt events coming in, monitor the utilisation of the network and provide a high-quality service.”
Singh notes the three-year journey to develop the centre led to creating a scalable system that improves business intelligence and can monitor the entire e-government system more effectively than its predecessor.