A Model for Afghanistan’s Cyber Security Incident Response Team

Islahuddin Jalal, Maryati Mohd Yusof, Zarina Shukur, Mohd. Rosmadi Mokhtar


Persistent cyber threats require effective and efficient mitigation techniques. The cyber security incident response team (CSIRT) is expected to respond to external and internal cyber threats or incidents. Various organizational, national, and international level CSIRTs have been developed for defending and protecting such kinds of threats. Developing countries like Afghanistan have also formed a Computer Emergency Response Team for handling national cyber incidents although it provides limited services to only a few constituencies and depends on funding from foreign donors. Therefore, a new organizational model was proposed to provide guidelines for a specific country, instead of a provision from a constitutional context. Five national CSIRTs were compared to identify their features and characteristics to provide basis for the proposed framework.  The study presented the proposed model based on two CSIRT organizational models that incorporated a new funding strategy to achieve a Sustainable National CSIRT for developing countries. Our model combined coordinate and security teams; if consists of constituency’s mission, services, resources, organizational framework, and funding strategy. This study employed qualitative method by using document analysis and interview techniques. CSIRT for Afghanistan known as AFCERT was evaluated in terms of structure, services, resources, and funding.  AFCERT services level were below the standard of a national CSIRT. Therefore, a more sustainable service need to be provided based on the proposed model components. Findings showed the suitability and potential of the model in controlling and mitigating cyber-attacks, more specifically in the context of Afghanistan.


CSIRT; cyber security, cyber-attacks, cyber policy.

Full Text:



J.Govil (2007) Ramifications of Cyber Crime and Suggestive Preventive Measures. The 2007 IEEE EIT Proceeding, 610-615

A. Hammond. (2018). February 16, 2018. Three Issues to Address. The Data Center Journal Cybersecurity 2018 http://www.datacenterjournal.com/cybersecurity-2018-three-issues-address.

Profile, I. C. (n.d.). ITU. Retrieved 2014, from ITU [Online]. Available: http://www.itu.int/en/ITU-D/Cybersecurity/Pages/default.aspx

Information and Cyber Security Directorate Director Interview.

R. Ruefle, K.v. Wyk and L. Tosic (2013). New Zealand Security Incident Management Guide for Computer Security Incident Response Teams (CSIRTs). New Zealand National Cyber Security Centre Government Communication Security Bureau, Developed in cooperation with the CERT® Division of the Software Engineering Institute at Carnegie Mellon University.

G. Killcerce (2003). Organizational Models for Computer Security incident response Team (CSIRT). CMU/SEI-2003-HB-001.

M. Zajicek (2004). Creating and Managing: CSIRTs-notes. Creating and Managing Computer security incident response teams (CSIRTs) . United States of America: CERT/CC.

S. Bradshaw. (2015) Combatting Cyber Threats: CSIRTs and Fostering International Cooperation on Cybersecurity. Published by the Center for International Governance Innovation and Chatham House. Ourinternet.org.

Rick Van der Kleij, Geert Kleinhuis and Heather Young Computer Security Incident Response Team Effectiveness: A Needs AssessmentFrontiers in Psychology, Front. Psychol., 12 December 2017 https://doi.org/10.3389/fpsyg.2017.02179

FIRST/TF-CSIRT: The Changing Face of Cybersecurity By Kevin Meynell Published by Internet Society [Online]. Available: https://www.internetsociety.org/blog/2018/02/first-tf-csirt-changing-face-cybersecurity

N. Brownlee (1998). ietf.org. Retrieved 2014, ISOC [Online]. Available: https://www.ietf.org/rfc/rfc2350.txt


G. Killcrece and R. Ruefle (2008). Creating and Managing Computer Security Incident Response Teams (CSIRTs). Carnegie Mellon University.

Kas Clark, D. S. (2014). A Dutch Approach to Cybersecurity through participation. Copublished by the IEEE Computer and Reliability Societies, 27-34.

I. Jalal, Z. Shukur and M.R. Mokhtar. (2017) 3C-CSIRT Model: A Sustainable National CSIRT For Afghanistan. The 2017 6th International Conference on Electrical Engineering and Informatics (ICEEI), 25-27 Nov 2017. Langkawi.

Y.M. Wara and D.Sing. (2015) A Guide to Establishing Computer Security Incident Response Team (CSIRT) For National Research and Education Network (NREN). The 2015 African Journal of Computing & ICT.

I.S.M.H.a.T.M Rober Morgus, “National CSIRTs and Their Role In Computer Security Incident Response, “ GPPi, 2015

CERT-In. http://www.cert-india.com/(2014). Retrieved 2014, from CERT-In website.

CNCERT. About us: CNCERT website. Retrieved 12 23, 2014, from CNCERT website: http://www.cert.org.cn/

J. Carpenter and J. Haller (2010). Establishing a National Computer Security Incident Response Team (CSIRT) . (J. Allen, Interviewer)

European CyberSecurity Journal : Strategic Perspective on CyberSecurity Management and Public Policies A Multistakeholder Approach To Cybersecurity Policy Development Lea Kaspar and Matthew Shears Volume 3 (2017)â–ª ISSUE 3

K. Salamzada. Z. Shukur and M. Abu Bakar (2015). A Framework for Cybersecurity Strategy for Developing Countries: Case Study of Afghanistan. Asia-Pacific Journal of Infrmation Technology and Multimedia, Vol(4), No 1 (2015)

CERT Australia (website). Retrieved 21 Feb, 2018 [Online]. Available: https://www.cert.gov.au/news/cyber-security-challenges-2018

Benjamin Dean and Rose McDermott, A Research Agenda to Improve Decision Making in Cyber Security Policy, 5 Penn. St. J.L. & Int'l Aff. 29. Available at: http://elibrary.law.psu.edu/jlia/vol5/iss1/4

DOI: http://dx.doi.org/10.18517/ijaseit.8.6.6692


  • There are currently no refbacks.

Published by INSIGHT - Indonesian Society for Knowledge and Human Development