Last month two members of Tonga’s recently formed Computer Emergency Response Team (CERT.to) visited APNIC’s office in Brisbane, Australia, as part of a week-long study tour, funded through an ISIF Asia grant sponsored by the Internet Society.
It was less than a year ago that APNIC was invited to Nukuʻalofa by Tonga’s Ministry of Information and Communication to conduct a two-day CERT workshop, which helped lay the foundation for the launch of the first national CERT in the Pacific.
During their tour, Director of Tonga CERT, Saia Vaipuna, and System Analyst, Paula Latapu, met with representatives of CERT Australia to discuss and receive feedback on an outreach and systems strategy CERT.to are developing.
“CERT Australia first reached out to us in 2015 when they discovered we were interested in developing a national CERT and have provided useful advice since then,” said Saia.
“This trip was our first chance to meet them face-to-face, which allowed us to have an in-depth discussion on what has worked for them and what might work for us.”
Tonga CERT has received support from several national CERTs around the world, which they recognize as an important element in their development.
Although it’s not well publicised, national and international CERTs and cybersecurity organizations are happy to help establish or offer strategic and procedural assistance to new national CERTs. Tapping into this community is really important for new CERTs, giving them valuable information that can only be gained from experience.
“The CERT community has certainly been very welcoming and willing to share information. And opportunities like this trip to meet face-to-face are important to build relationships and trust, both key elements of security response and mitigation,” said Saia.
Paula said that this relationship building has been a key focus of their formative months, particularly with the Tonga government, adding that his and Saia’s previous experience working as IT managers in government departments had made it much easier.
“Having existing relationships helps us move forward and implement what we need to do in government; it’s not just the techie stuff but knowing how the government works,” said Paula.
Also during their trip, we conducted some practical exercises together on analysing security incidents and looked at tools for managing Computer Security Incident Response Services (CSIRT) operations. They also did a presentation about their activities and progress to APNIC staff.
Both Saia and Paula agreed the trip had made their next steps “really clear”.
“We are determined to steer clear of ad-hoc methods, which is a common mentality in the Pacific. Having strategic actions we can start to work on immediately when we return will only further our reputation,” said Saia.
“We appreciate the support from ISIF and APNIC for hosting, as well as the time given by CERT Australia.”
The views expressed by the authors of this blog are their own and do not necessarily reflect the views of APNIC. Please note a Code of Conduct applies to this blog.