Visit to Mexico and Brazil
Hi there, it’s Yuka from Global Coordination Division.
One of the important missions of our team is to develop and maintain relationship with our foreign counterparts in preparation for cyber security incidents that require international cooperation. While we have connection with many CSIRTs in North America, Europe, Asia and Africa regions through CSIRT communities and regular meetings, we had had only few opportunities to travel to Latin America so far. This fact led us to launch a research project on Latin American CSIRTs, and as part of the project I had a chance to visit CSIRTs in Mexico and Brazil.
Mexico
Mexico City is located at an altitude of 2,250m. Being in the highland, there was quite a big temperature differences throughout the day. When we visited, the temperature went up to about 25C (which was quite hot under the sun) but it went down to 10 or lower at night. CERT-MX, the National CSIRT of Mexico, operates within the Scientific Division of the Federal Police, and it is located in the same facilities where they run laboratories to examine DNA, fingerprints and other samples that are collected for criminal investigations. Working as a department within the Police, part of CERT-MX staff has the rights to investigate and arrest suspects. Mexico is facing many cyber attacks resulting in financial loss such as phishing and unauthorised access to banks, but CERT-MX is dealing with these cases from the investigation perspectives.
Photo: Meeting with CERT-MX
Brazil
Following the meetings in Mexico City, we took a 10-hour flight down to São Paulo, Brazil. It is 18,500km away from Tokyo, which is exactly on the opposite side of the earth. There, we visited CERT.Br, the National CSIRT of Brazil. CERT.Br is an organisation operating under NIC.Br, which is a non-profit, private entity for managing and promoting Internet services in Brazil. JPCERT/CC and CERT.Br share common characteristics being a non-government and non-profit organisation. Also, CERT.Br and JPCERT/CC are one of the oldest National CSIRTs – CERT.Br (including the time of its predecessor) started operation in 1997 and JPCERT/CC in 1996.
CERT.Br is an experienced CSIRT and has high level technical capabilities. For example, in the past Brazil was known to hold many improperly configured servers that were leveraged for sending spam emails. However, the effort through an anti-spam task force (CT-Spam), they exchanged information with nationwide ISPs and also conducted awareness raising activities for general users. The result was obvious as illustrated in Figure 1, ending up with much reduced spam reports after 2011.
Figure 1 Cases of spams reported to CERT.br
Source: CERT.Br Website "Estatísticas de Notificações de Spam Reportadas ao CERT.br" [1]
With their long-run expertise in CSIRT operations, CERT.Br actively contributes to the regional capacity building initiatives led by OAS (Organization of American States) and LACNIC (The Latin American and Caribbean IP address Regional Registry) and provides training to neighbouring countries.
Photo: Meeting with CERT.Br
In closing:
As a first run of the research, we focused on Mexico and Brazil who are in the leading position in cyber security activities in the Latin America. We believe that further research on other countries will deepen our understanding of the landscape in the region, and we look forward to the next opportunities to travel.
Finally, to visualise our outreach efforts, on the world map at our office entrance we are now posting photos that are taken in the countries that we have visited in the past years. (I added the photos from Mexico and Brazil below.) We are hoping to expand our outreach and fill in the maps with more photos!
Photo: World map with photos (at JPCERT/CC office entrance)
Thanks for reading.
- Yukako Uchida
Reference
[1] CERT.Br "Estatísticas de Notificações de Spam Reportadas ao CERT.br" (https://www.cert.br/stats/spam/)