Project

Training for Incident Response Teams (CSIRTs) – Improving South Africa’s response to national cyber threats 


About

Cybil code: G0927

Status: Finished

From: Mar 2019

To: Mar 2023

Implementors

Partners

Countries

Contact

Summary

This project is part of the United Kingdom Foreign, Commonwealth & Development Office (FCDO) commitment to build national cyber security capacity and resilience to cybersecurity threats in five middle-income countries. The UK Government’s Digital Access Programme provides support through: Government-to-Government technical assistance; cyber hygiene training; public awareness-raising; and research. It aims to reduce the impact of cyber harms on their governments, economies and citizens – particularly amongst groups vulnerable to online exploitation.

Details

Aim

To strengthen national incident response by building on existing infrastructure for and with the Cybersecurity Hub, the National CSIRT from the Department of Communications and Digital Technologies, Sector CSIRTs, the South African Reserve Bank (SARB), and the South African Police Service (SAPS).

Context

Existing infrastructure covered a Cybersecurity Hub, which is the national Computer Security Incident Response Team (CSIRT) for the private sector in South Africa, and a government CSIRT which serves government departments and several industry sector equivalents. However, there was a lack of communication and coordination across these CSIRTs, which made national response challenging.

Outcomes

  • Improvement in the capability for coordinating a national South African cyber incident response.
  • Recommended next steps to the South African government.

Outputs

Over 100 participants were trained, covering Government (CSHUB-CSIRT), sector CSIRTs (incl. FS, Telco, Higher education and CSIR) and regulators (SARB, PASA), which resulted in an increased awareness of the challenges involved in delivering a successful incident response.

Activities

  • Delivery of three simulation events to test different sectors’ responses to a cyber incident, which revealed strengths and weaknesses of leadership, coordination and communication. Analysis of decisions to determine what worked, what didn’t and how the response protocols might need to be amended.
  • Incident response workshops to explore the outputs of the simulations, which identified lessons learned, recommended actions, identified contingency planning and articulated roles and responsibilities.
