The Chilean Computer Emergency Response Team (CLCERT) is an advisory body to the Republic of Chile, promoting IT security awareness and reductions in security incidents. Working toward better security for one of the largest IT infrastructures in Latin America, CLCERT joined the Microsoft® Security Cooperation Program (SCP), a collaboration that has enhanced IT security through data sharing, training, and Microsoft expertise.
The Republic of Chile has one of the most advanced telecommunications infrastructures in Latin America. With Internet penetration at over 40 percent, Chilean businesses and citizens rely on online services for many activities, from banking to shopping. In particular, the Chilean government has a strong e-government platform, providing more than 200 services through Web portals, including access to medical benefits and its income tax system. Enhancing the security of its IT infrastructure is critical, and Chile is continually searching for improved solutions to bolster the security of government, corporate, and private data.
Because these online resources are potentially vulnerable to security threats, the National University of Chile founded the Chilean Computer Emergency Response Team (CLCERT) in 2001. Partnered with the Laboratory of Applied Cryptography and Security, the CLCERT works with the Department of the Interior of Chile to promote and enhance security of the nation's public and private IT infrastructures. The CLCERT advises all other government branches and departments regarding IT security, from national intelligence to law enforcement.
Starting in 2005, CLCERT drafted specific government decrees that require corporate compliance to a higher IT security standard. The organization now works with its corporate partners, sharing information and technology, to gain this level of security.
Though CLCERT has been effective in raising the level of awareness around security, obtaining the necessary technology and threat data in a timely manner has been a continual concern. The CLCERT must often take reactive action to cyber threats—responding to a security issue rather than preventing it. And the response can often come delayed, while the exact nature of the threat remains unknown. “Timing is so very important when dealing with cyber threats,” says Alejandro Hevia, Director of CLCERT. “Seconds matter when we are dealing with IT security.”
To boost the effectiveness of its own security efforts, CLCERT joined the Microsoft® Security Cooperation Program (SCP) in 2007 to help manage IT security issues within Chile. The focus of SCP is to bring Microsoft resources of knowledge, training, and expertise, to governments and educational institutions with extensive IT environments and sensitive data. Through information transparency and collaborative opportunities, Microsoft joined with the Republic of Chile to reach a mutual goal—decreasing the risk of security attacks worldwide. “This type of cooperation is just what we were looking for,” explains Hevia. “In the past, we strove to share information with other governments around the world, but Microsoft is the real key to this equation.”
||We now have access to an important resource—the knowledgeable team of experts and engineers inside Microsoft, who work very hard to improve the security of their customers and the community at large.”
Director, Chilean Computer Emergency Response Team
Since 2007, SCP has been active in furthering the cause of IT security in both the public and private sectors of Chile, with significant emphasis on security readiness. Through CLCERT, SCP has conducted intensive training sessions for government IT security officers, which focuses on two areas: security relevance and server hardening. The training is technical, but it also focuses on the softer aspects of dealing with complex computer security problems. Security experts from Microsoft conduct this training, allowing for instant feedback and an enhanced learning experience.
As a form of community outreach, Microsoft and CLCERT created a series of Ethical Hacking Challenges. With a cash prize as an incentive, IT professionals were encouraged to “hack” an isolated and hardened Windows Server® 2003 operating system acting as Web server with the intent to read a particular piece of data or plant a file.
SCP offers a more direct line of information dissemination to the IT professionals who need it. When Microsoft has a malware alert, CLCERT receives the notification directly through SCP, and not through traditional channels such as newswires—helping ensure accurate and timely information. In addition, CLCERT has access to an around-the-clock hotline that is staffed with experts from Microsoft’s security response team.
The CLCERT also takes advantage of monthly security bulletins and reviews, where a security expert from Microsoft briefs the team on current security issues in a Web conference using Microsoft Office Live Meeting. These briefings involve an active dialogue about current security issues and how they may affect Chile’s IT infrastructure. CLCERT can in turn provide feedback to Microsoft about security activity and issues it has discovered.
As part of the collaborative campaign, SCP has also provided educational curriculum, flyers, brochures, posters, and a security Web portal, all in Spanish and localized specifically for Chilean citizens. “By receiving that level of care and expertise from Microsoft, the effect has really been better than we could have hoped,” says Marcos Kiwi, Deputy Director of CLCERT. “Microsoft allows us direct access to the source of information and really shows us how much they care about IT security in general and Chile’s security concerns specifically.”
The CLCERT feels this public-private relationship with SCP is critical to increasing the security of its national IT infrastructure. The collaboration has produced results in trained IT professionals, increased security awareness, and timely information about known security issues as they develop.
Participation in SCP has resulted in a heightened level of IT security throughout the public and private sectors in Chile, from concern for sensitive government networks to citizen awareness of e-mail scams and personal computer threats. The collaboration is helping to achieve a high level of compliance for the nation.
Specialized Training from the Experts
Previously, IT security officers for the government relied on Microsoft Official Curriculum for security training. Now, the 80 officers participate in intensive training sessions and receive in-depth instruction tailored to their specific needs.
As a result, the CLCERT has seen the officers’ ability to analyze, diagnose, and troubleshoot security issues increase, and the CLCERT is enthusiastic about hosting more of these training sessions for other government employees.
Outreach Campaigns That Raise Awareness
The outreach strategies that SCP provides have also raised awareness among corporations and the public, which has led to a more proactive approach to IT security. The first Ethical Hacking Challenge was completed in May 2007 with more than 100,000 attempts to purposefully compromise the system and win a prize. The enthusiasm for the contest demonstrated the increased alertness for security among IT professionals in the private sector, as well as the public sector. By broadening community knowledge, the CLCERT fulfills its goal to increase the level of IT security not only for the government, but also for corporations and private individuals.
Openly Sharing Information and Technology
As a result of participating in the SCP, the CLCERT and Microsoft now share information and technology openly. Through regular briefings with security experts from Microsoft, the CLCERT continually enhances Chile’s IT security by sharing security-focused data and technology. “We now have access to an important resource—the knowledgeable team of experts and engineers inside Microsoft who work very hard to improve the security of their customers and the community at large,” says Hevia. Plus, with a hotline that is staffed around-the-clock, the CLCERT will have access to those experts and resources before, during, and after security incidents occur, helping to minimize the impact on IT infrastructures and citizens.
Together, Chile and Microsoft have built a strong relationship. Microsoft opened its large knowledge base and expertise, and the CLCERT provides real-world data about security threats. By working together, both parties are increasing the security capabilities of IT networks in Chile and around the world. Hevia sums, “We find the spirit of wide-reaching collaboration energizing and inspiring. Microsoft is leading the global computer security community, and we are proud to be part of this initiative.”
For More Information
For general questions about the Security Cooperation Program, please e-mail: SCP_Team@microsoft.com or visit: