A national CSIRT for Costa Rica
Together with the Ministry of Science, Technology and Telecommunications, NIC Costa Rica is advancing in the implementation and operation of a national CSIRT. With this backdrop, LACNIC organized its first AMPARO computer security workshop in San Jose.
In the opinion of Wilmer Ramirez Morera , engineer with the Cybersecurity Unit of Costa Rica´s Ministry of Science, Technology and Telecommunications, the AMPARO workshop was a very rewarding and well-designed initiative. Ramirez Morera briefly explained and presented practical examples of the different steps involved in setting up a CSIRT.
“The workshop and some of the exercises that were presented helped us clear some of the doubts and uncertainties regarding the CSIRT´s scope and functions. The manual has also become a reference for the region on how to set up a computer security incident response team.”
Tomas Ananía, Deputy Executive Director of NIC.CR, said the workshop provided invaluable information for the establishment and operation of a CSIRT from an administrative point of view. He added that the way in which the exercises had been presented “highlighted the need to be properly organized within the CSIRT, as clear roles and proper communications at internal level, towards customers and other CSIRTs will determine the CSIRT´s ability to respond and solve any incidents it may encounter.”
Ramirez believes that the workshop will be an invaluable tool for starting up additional CERTs and CSIRTs throughout Central America. Notwithstanding, he argued that there are still “great obstacles and challenges ahead for a broader adoption of computer security, the most relevant of which include greater public awareness, a stronger commitment on the part of corporate leadership as regards this issue, and an increase (or the allocation) of computer security team budgets.”
In Ananía´s opinion, one of the major computer security challenges in Costa Rica is precisely the consolidation of the country´s national CSIRT. Both the Ministry of Science, Technology and Telecommunications as well as NIC.CR and other organizations that are cooperating and working to strengthen cybersecurity are very confident that this project will be extremely beneficial for the country. “We must continue to support our CSIRT so that, slowly but surely, a trust network will be created that is able to protect Costa Rica´s critical infrastructure,” Ananía added.
He thanked LACNIC for their help in providing training and support to allow the region to further strengthen its different programs and projects.
In the same sense, Ramirez noted that he believes “LACNIC will be a great ally in this effort to strengthen the computer security culture, contributing educational material, making available regulations, recommendations and other documents, and promoting international partnerships and cooperation mechanisms among the various regional and global stakeholders involved in cybersecurity. We are very grateful for the efforts and support provided by LACNIC and hope the organization will continue to provide guidance for future projects.”