Supporting CSIRT Activities for Africa (in Tunisia)

Hi, this is Katsuhiro Mori from Cyber Metrics Line, Global Coordination Division. This entry introduces our activities in supporting CSIRTs for the African region at AFRINIC-29, which was held in Hammamet, Tunisia on 26-30 November 2018.

What is CSIRT establishment support?

JPCERT/CC’s Global Coordination Division has been conducting various activities since 2010 to support newly established CSIRTs and those who wish to launch a CSIRT in Africa. In the African region, the Internet penetration rate has been growing rapidly, which means cyber security incidents are also expected to increase. So that local teams can deal with incidents by themselves in a timely and smooth manner, we have been providing technical support for establishing CSIRTs and for human resources development.

In the region, the Africa Internet Summit is held in summer and AFRINIC in fall, and some FIRST events are also organised occasionally. AfricaCERT, which is the regional CSIRT community, coordinates the venue and participants, and JPCERT/CC supports the events by delivering training on cyber security topics. As of November 2018, we have visited 18 cities in the African region to deliver training.

The history of supporting CSIRT Activities in Africa


Most of the southern part of Tunisia is desert. If you recall the planet ‘Tatooine’ from the Star Wars series, those scenes were filmed in this area. Hammamet, the city where the AFRINIC event was held this year, is located in the northern part of the country. I felt that the city’s atmosphere reminded me of that of a Middle Eastern country, rather than another African city.

View in Hammamet Tunis, the Capital

OSINT Training

I delivered the Open Source Intelligence (OSINT) training during the AFRINIC event, as I did previously in Bali, Indonesia (see a recent article). Attendees were interested in how to utilise typical tools used for OSINT.

At the training Q&A after the training

Visit to TunCERT

TunCERT, the national CSIRT of Tunisia, kindly invited me to their office during the event. TunCERT was established in 2004, and it is one of the few FIRST members in the African region. It operates under ANSI (Agence Nationale de la Sécurité Informatique).

TunCERT entrance

They moved into this new office just a few months ago (just like JPCERT/CC). From the facilities and staff I have seen there, I believe TunCERT has a high level of analysis and incident handling capabilities.

CTF (Capture The Flag)

The best icebreaker for cyber security colleagues is the CTF. A CTF competition on malware analysis was held at the TunCERT office, and colleagues from various CERTs in Africa and I participated. I was part of Team Hannibal (named after the Tunisian military commander), which consisted of colleagues from Tunisia, Libya, Egypt and myself, and we won the game.

Won the CTF Group photo

In closing

In incident handling and information sharing, ‘trust’ is always key. You could build trust by email or phone conversations, but I believe face-to-face communication creates the strongest connection. Conferences that are held in the African region are an important opportunity for us to meet CSIRT colleagues from various countries in one place. We hope to continue supporting the African CSIRT community in collaboration with AfricaCERT.
(Translated by Yukako Uchida)