Ghana’s Digital Agenda brings increased productivity and efficiency to the country’s people, businesses, organisations, and economy. However, there are unavoidable risks as we connect, digitise, and computerise systems. Cybersecurity is important in protecting our valuable assets and services. As the fire service prevents and deals with fires, a Computer Emergency Response Team (CERT) also known as a Computer Security Incident Response Team (CSIRT) prevents and deals with cybersecurity incidents. Cybersecurity incidents may arise from malicious use of ICTs, vulnerabilities in ICTs, human mistakes, and even natural disasters. A CERT is responsible for receiving reports, analysing information on incidents, resolving those incidents, coordinating and supporting stakeholders to reduce the number and impact of incidents on computer systems, information, and services.
Mandate of the Authority on Cybersecurity
The NCA’s mandate to ensure cybersecurity in the telecommunications sector derives from Regulations 5 and 6 of the Electronic Communications Regulations, 2011 (L. I. 1991). Regulation 5 states that a provider of a public electronic communications service and an operator of a public electronic communications network shall take appropriate technical and organisational steps to ensure the security of the service or network, and any message transmitted over the service or network. Regulation 6 (5) of L.I. 1991 enjoins operators to employ international best practices in the industry to promote the privacy, secrecy, and security of communications carried or transmitted by the operator or through the communications system of the operator, and the personal and accounts data related to subscribers. The NCA-CERT was set up by the NCA in 2017 to support national cybersecurity efforts, ensure cybersecurity in the telecommunications sector and work with other divisions to secure the NCA. CERT-GH, operating from the Ministry of Communications coordinated some of the cybersecurity issues relating to the telecommunications sector.
Gaps which require the Authority’s Action
The situation where there was no CERT dedicated to the telecommunications sector had to be corrected. The approach of using CERT was judged a more collaborative, effective, and efficient approach to preventing and responding to cybersecurity incidents and issues. The key concept was to have some level of decentralisation and leverage of regulators’ relationship with various organisations to improve coordinated development of cybersecurity. Further, the CERT eco-system provides a forum for information sharing, shared capacity building, and technologies concerning cybersecurity. This gap necessitated the policy directive from the Ministry of Communications to have Sectoral CERTs set up. The National Communications Authority Computer Emergency Response Team (NCA-CERT) was thus in response to this need and to fill this gap. Ghana’s nearly forty-one million mobile subscribers and twenty-six million data subscribers meant a CERT ecosystem would improve prevention and response to cybersecurity.
The Approach to Cybersecurity
The President, H.E. President Akufo-Addo, inaugurated the NCA-Computer Emergency Response Team (NCA-CERT) on the 22nd of October 2018. The NCA-CERT works with stakeholders to address incidents that affect the telecommunications sector to ensure a safer communications space. The NCA-CERT is one of the Sectoral CERTs under CERT-GH. The NCA-CERT uses both proactive and reactive approaches towards ensuring a secure telecommunications space.
The NCA-CERT constituents are the licence and authorisation holders regulated by the NCA. Some of these constituents are Mobile Network Operators (MNOs), Internet Service Providers (ISPs), and Broadband Wireless Access providers (BWAs). On being proactive, the NCA-CERT has continuous discussions and meetings with the various companies or providers to understand their cybersecurity operations, and provides feedback, guidance, or recommendations on cybersecurity.
The NCA-CERT also receives reports, from organisations such as CERT-GH, on malicious activity and vulnerabilities relating to the public networks such as those used by organisations, businesses, and customers. Cybersecurity Analysis is done on these reports to determine the category, impact, services affected, and advisories shared with the constituents concerned including information on identifying and resolving the cybersecurity incidents or issues. The NCA-CERT continues with follow-ups to progressively reduce the number of potentially malicious actors and vulnerable systems on public telecommunications networks. Cybersecurity is collaborative, and the NCA-CERT works with other divisions, such as Engineering and Regulatory Administration, in securing the Critical National Infrastructure.
The NCA-CERT monitors and reports incidents on critical information infrastructure within Ghana including the aviation band, the digital terrestrial television (DTT) network, mobile network, and service availability of selected locations. As part of operations, the NCA-CERT builds relationships with other computer emergency response teams, with assistance from CERT-GH, to exchange information and build capability in areas such as communications, incident management, and cybersecurity analysis. The NCA-CERT has systems to receive, visualise, analyse, and communicate concerning cybersecurity incidents and issues.
The NCA-CERT monitors and reports incidents on critical information infrastructure within Ghana including the aviation band, the digital terrestrial television (DTT) network, mobile network and service availability of selected locations. As part of operations, the NCA-CERT builds relationships with other computer emergency response teams, with assistance from CERT-GH, to exchange information and build capability in areas such as communications, incident management and cybersecurity analysis. The NCA-CERT has systems to receive, visualise, analyse, and communicate with respect to cybersecurity incidents and issues.
Benefits to Industry and Consumers
Cyberspace and technology continue to change and improve. However, what was secure today may not be secure tomorrow as we learn more about the systems we have and the increasing scope and complexities of vulnerabilities or attacks. Cybersecurity requires a collaborative and continuous effort involving all stakeholders. It starts with doing the basics, having cybersecurity awareness, appreciating the issues, leadership buy-in, communications between all involved, and a continuous effort to value and keep systems secure. The NCA CERT this year has had engagements with all constituents to raise the mutual understanding of threats that they face and activities that can be taken to minimise the risk posed by these threats. The constituents have also sent the status of their security and network operations.
Cybersecurity Assurance and Situational Awareness programme
The NCA-CERT provides several services as this is one of the three main objectives. It should be noted these services (e.g., situational awareness, communications, capacity building, research and development, analysis, incident management) cut across other activities such as data protection and privacy. The key service units are NCA-CERT and the Data Protection & Privacy Unit. The NCA-CERT has done a lot with regards to security assurance and situational awareness. Staff conduct vulnerability scans, compile malware incidents and reports are shared. These help deal with any cybersecurity incidents that came up. Reports from malware incidents also help with drafting topics for awareness training.
Incident Management & Analysis
The NCA-CERT Incident Management Services is related to the management of a cyber-event, which includes alerting our constituents and coordinating activities associated with the response, and subsequently mitigation and recovering the incident. Cybersecurity analysis involves doing forensic investigations on data, documents, systems, or artefacts of interest to cybersecurity.
When scanning of the NCA internal network is done, there is a need to go into and check systems. For this reason, the NCA-CERT has an analysis aspect that is done. Staff are currently following the training programme to build capacity and are utilising acquired skills as expected. Incident management is the objective or aspiration of CERTs. The functions in this service area cover the full life cycle of an incident’s response.
Research & Development
The NCA is keen on keeping up with the ever-changing threat landscape. This requires persistent research and the development of new trends and technologies. The NCA is conducting a CERT benchmark study to develop performance gaps, adopt standardised processes and identify areas of improvement. The NCA-CERT has continued to work with CERT-GH to improve processes and operations, reporting, and understanding of some of the threats in the telecommunications sector.
To learn more, visit NCA-CERT