Abstract:
The tremendous growth of information technology has abruptly changed the
world into a global village. It has caused distances to shrink and information to
flow instantly across the globe. At the same time, it has also given a boost to
vulnerabilities, threats, frauds and criminal activities in cyberspace. The ease of
access, user-friendly hacking tools and sophistication of cyber attacks have infringed
on the privacy of individuals, organizations and states. Pakistan is facing multifaceted
cyber threats in the present era. Unless we recognize these threats and the resulting
insecurity, we cannot develop an appropriate response mechanism. The cyber attacks that
have occurred on the government, corporate and private sectors within the last couple of
years have therefore been analyzed in this research to identify the severity, scope and
dynamics of threats to Pakistani ICT infrastructure and resources. Further, the existing
response capability at government and organizational level is evaluated, and the dire
need to establish national, organizational and academic CSIRTs has been emphasized.
It is feared that the non-existence of any cyber security laws, the absence of a response
mechanism and the lack of an organizational framework in the country present Pakistan’s
cyberspace as a haven for criminals and malicious operators / users. It is noted
that the Pakistani government and academic institutes not only need to recognize cyber
threats and the consequences of its uncontrolled usage but also need to develop an
appropriate response mechanism to guard against such threats.
Having established the need for a computer security incident response team, an
academic CSIRT is proposed in the thesis. The structural and organizational
components have been identified, and roles / duties have been formulated. The major
components of establishing a NUST-CSIRT coordination center have been given
more deliberation, and the center is proposed to be established at a leading campus of
NUST that has an information security department. The organization and its operational
components and procedures have been developed and presented in the document. The
basic functional elements of NUST-CSIRT are defined, such as the constituency, mission
statement, objectives, incident handling reporting and incident handling process. The
initial CSIRT services are defined, and the infrastructure / resources required to provide
these services have been identified and discussed. The organizational design proposed
in the document is, however, modular, and additional components may be added at any
stage in response to technological developments or a specific threat scenario.