TRA is currently leading efforts to build the first national E-CERT, in coordination with the ITU, the Local public sector and the Lebanese University.
A National CERT represents a dedicated IT security team that helps a country to mitigate and prevent major incidents and helps to protect its valuable assets, and it is also a centralized coordination point for IT security issues within the country (Point of Contact) and a centralized and specialized handling of and response to IT incidents Expertise at hand to support and assist the users to quickly recover from security incidents. It is also dealing with legal issues and preserving evidence in the event of a lawsuit, and stimulating cooperation within the constituency on IT security (awareness building) and keeps track of developments in the security field.
Computer Incident Response Teams (CIRTs), Computer Security Incident Response Teams (CSIRTs), Computer Emergency Response Teams (CERTs), and Warning, Advice and Reporting Points (WARPs) are coordination centers dealing with computer and online security problems and, as the names would suggest, responding to major incidents. With these teams available, it is possible to mitigate and prevent major incidents.
In addition to reactive services, such as incident response, CERTs can also often provide their customers with a variety of other security services, including: alerts and warnings, advisories, technical assistance and security-related training.
The mission and strategy of a National CERT is to:
- provide ICT security emergency response support to the Government agencies, critical national infrastructures, and the general public within the country via established, trusted, authorized and centrally coordinated initiatives at the national level;
- promote protection and assurance through dissemination of critical information such as early warnings and alert notifications, security advisory, and upholding security best practices;
- Support and sustain all the above initiatives, it will employ advanced technology and techniques, establish methods, and research into threat analyses and mitigations
The National CIRT Strategy shall operate on the core premise for the National ICT Protection within the country, through:
- the implementation of all necessary national CIRT initiatives;
- the support of critical information extended through Regional Cooperation with IMPACT and regional CIRTs and international cooperation through IMPACT;
- the gathering of Global Threat Intelligence via its own technological facility;
- the international association with the other countries’ authorised CIRTs, and other ICT security bodies
- Global Intelligence
- Regional Cooperation
- National Protection