Mitigating Global Cyber Risk Through Bridging the National Incident Response Capacity Gap

Cyber-attacks know no borders. Given the globally connected environment, no region or country is secure against cyber-attacks unless the entire world is secure or has cyber capabilities. Yet, whether preventive or reactive, cyber countermeasures require coordination and engagement of various organizations, government bodies, and citizens of different countries. Although a variety of countermeasures exist, Computer Security Incident Response Teams (CSIRTs) have been deemed necessary systems in defending against and preventing cyberattacks, further supporting a nation's cyber capacity and limiting the harm to citizens, businesses, and governments. Despite calls for establishing CSIRTs at the national level, especially toward protecting critical infrastructure and lives from cyber threats, various discrepancies exist based on a nation's resources, capabilities, and needs. Limited research delves into the cyber capabilities of low-income countries despite an emphasis on improving global cyber capacity, leading to a need to establish a framework for low-income countries to address the unique needs with lessons learned from existing standards. CSIRTs can improve the cybersecurity posture of countries, so we seek to investigate how low-income countries can better mitigate cyber threats through cyber capacity building, including the creation of CSIRTs. This work-in-progress paper aims to investigate cyber incident response capacity building at the national level in low-income countries and identify challenges they may face in contributing to a more secure global cyberspace. Stemming from this paper, we will conduct a survey of national CSIRTs in low-income countries and conduct semi-structured interviews to further investigate their role. The implications of our research are far-spreading, assisting academics, practitioners, and governments in developing research, processes, and policies to aid low-income countries in their national cyber capacity building.