Professional Documents
Culture Documents
Background ............................................................................................................... 2
Objectives ................................................................................................................. 2
Assessment justification............................................................................................. 5
Readiness assessment................................................................................................. 5
Bibliography ............................................................................................................ 10
1. Background
The Worldwide Telecommunication Union and a team of authorities from IMPACT, carried out
an enthusiastic assessment of the cybersecurity condition in five least industrialized countries in
South Asia to review the familiar and regulatory framework, existing critical information
substructure, identify areas of improvement and recommend a suggestion for establishing a
Computer Incidence Response Team (CIRT). This evaluation was carried out as an input to the
ITU Governmental Forum held from 3-5 August 2010 in the Maldives which resulted in a
ministerial assertion resolution priority area inter alia for cybersecurity in the Maldives. (Sector,
2012)
2. Objectives
The aims of the CIRT evaluation study were to calculate the expertise and readiness to build an
ecological national CIRT, based on an analysis of investor attributes with relevance to security
incident response needs of ABBMN countries. The national CIRT will identify, respond to, and
manage cyber threats and at the same time develop cybersecurity.
The additional goals and deliverables of the valuation study were to:
P a g e 2 | 10
4. The need for a national CIRT
The developments and statistics speak for themselves, and the rapidly increasing number of
cyberattacks is now a global trend. Cyber-attacks that were previously introduced only for
nuisance purposes or by “script-kiddies” have now escalated into more catastrophic attacks
motivated by money, political programs, and in some cases as weapons of cyberterrorism.
Among all cyber threats, targeted attacks have the most influence. The motivations for such
attacks can range from theft, such as phishing, to critical intelligence gathering leading to a
larger impact attack, such as a major distraction to telecommunications public services.
Targeted attacks have also grown in sophistication by striking from supplied bases.
The important role of administration in the fight alongside cyber threats is to:
Having emphasized what a national CIRT is and the need to establish one, the benefits of
establishing a national CIRT are to:
The creation of a national CIRT is as important as having emergency vital services such as a fire
department and a police force and the benefits cannot be underestimated. Figure 2.1 shows
how ITU-IMPACT illustrates the roles and accountabilities that a national CIRT can play in
protecting against cyber threats and potentially drive and promote initiatives such as national
cybersecurity approaches, policies, cyber forensics services, national Public Key Infrastructure
P a g e 3 | 10
(PKI), digital signatures, governance, legislation, Dangerous Information Infrastructure
Protection (CIIP), cybersecurity awareness, training and education, research, international
cooperation, and security assurance.
The findings in this section are based on stakeholder accounts. The stakeholders provided
knowledge regarding the threat landscape in the Maldives. Representatives from CAM
(Telecommunication Authority) took the time to discuss with the ITU/IMPACT expert and
describe the threats and actual cybercrime cases they have confronted over the past few
years.
a) Overall, there isn’t any mechanism for informing cybercrimes in the Maldives.
Facilities and skilled individuals to detect computer crime incidents are not
generally available.
b) Cybercrime in the Maldives ranges from credit card schemes and phishing to
various forms of unauthorized access, hacking and destruction, child abuse
(via chat), and social networking websites. For Instance, in April 2008, three
Maldivians and one Malaysian were apprehended by the Maldivian Police on
charges of using fake credit cards to purchase Rf3.5 million worth of goods
from shops45.
c) Fake SMS, SMS phishing, and spam are also common in the Maldives.
Recommendations
a) It is clear from the above results that the setting up of a national CIRT as a focal
point to manage incidents, and as a coordination center to manage information
sharing and information flow on cybersecurity is vital. Awareness of the need to
report all incidents to this central point is vital. The CIRT will also provide
knowledge of available best practices that can be shared and employed on their
respective networks.
P a g e 4 | 10
b) ii. In the future, large organizations that are responsible for the country’s critical
federal infrastructure should establish their CIRTs in collaboration with the
national CIRT. These would be known as sector CIRTs, and they would be
residents of the national CIRT.
6. Assessment methodology
The on-site assessment and off-site certification were administered by ITU-IMPACT experts.
The on-site appraisal methods include meetings, training, conversation conferences, and
site visits. The meetings and face-to-face interview sessions are conducted employing a
questionnaire and responses gathered were accustomed to assessing the necessity for and
existing capability of national cybersecurity systems. The knowledge gathered was also
accustomed from the suggestions for an inspiration of action which is printed during this
report.
7. Assessment justification
The readiness assessment is split into focal areas that time out the problems, detail the
findings and analysis conducted, additionally recommend solutions to the concerns. The
focal areas include the ICT readiness of the country, cyber threats affecting the country,
cybersecurity/ICT legislation, common standards/regulatory framework,
population/stakeholder participation, cybersecurity training, and education, physical
infrastructure, and operational aspects, and therefore the financial model to be approved
8. Readiness assessment:
The Maldives This section contains all the key findings from the evaluation including, key
issues, analysis, and proposals for the enhancement of the cybersecurity situation within
the Maldives. These findings, issues, analyses, and suggestions are supported the data
concluded during the on-site assessment and general research conducted by the authority.
P a g e 5 | 10
9. ICT infrastructure
This section presents the findings on the quality of ICT infrastructure within the Maldives,
the extent of use of ICT facilities like system infrastructure and access devices, and therefore
the level of dependency on ICT for communication of key machineries within the country’s
administration, governmental institutions, organizations still as private entities.
From the on-site meetings and interviews performed, we gathered the subsequent
information:
e) Dhiraagu launched the web to the Maldives in October 2006 with dial-up
connections for about 575 users. the web community within the Maldives has
grown quickly over the past decade to succeed in 87,862 users in 200939. This
represents a penetration rate of twenty-two. 2 percent of a complete people of
P a g e 6 | 10
396,334 (2009 census). As of 2009, Maldives counted 17,880 broadband Internet
users. (Sector, 2012)
Recommendations
The need for CIRT services has already been underlined in chapter 1 of this report.
Mitigating and eradicating cyber threats affecting a rustic is one in each of the critical
considerations when establishing a national CIRT. This section discusses the key findings,
issues, analysis, and proposals concerning cyber threats involving the Maldives. The
P a g e 7 | 10
findings during this section are support stakeholder accounts and knowledge provided
by some key personnel. Often there have been no supporting documents to verify their
facts
Recommendations
one of the obstacles to making a sustainable CIRT is the convenience of locally produced
cybersecurity expertise. Many CIRTs failed because of this. This section discusses the key
findings, issues, analysis, and proposals for local cybersecurity experts within the
Maldives.
P a g e 8 | 10
a) From the data collected and research conducted by the ITU/IMPACT
expert, it may be concluded that the number of locally formed cybersecurity
experts within the Maldives remains low.
Recommendations
a) The most pressing matter now's the institution of the national CIRT and
getting the right technical expertise to control it. This can be achieved by
collaborating with local experts just like the Maldives Open-Source Society
(MOSS) or sending identified candidates for appropriate education and
seminars, either locally (if available) or abroad.
As discussed, one in every one of the awkward blocks of creating a sustainable CIRT is
the availability of locally produced cybersecurity expertise because of the reduced
availability of cybersecurity education and training programs in the Maldives. This
section discusses the key findings, issues, analysis, and proposals for cybersecurity
education and training.
Recommendations
P a g e 9 | 10
a) One of the foremost important elements in creating and sustaining
a national CIRT is the competency of the personnel. Training and human
space development programs must be in situ to own locally produced
professionals.
Bibliography
initiatives/cybersecurity/cybersecurity-programs-policy.
https://www.meity.gov.in.
P a g e 10 | 10