Foundation Projects
FCA: Establishing a SOC for Bhutan 2024
Bhutan Computer Incident Response Team (BtCIRT)
This funding is for the establishment of a Security Operations Centre (SOC) for smaller and emerging Computer Emergency Response Teams (CERTs) in Bhutan.
The initiative will help establish a baseline set of operational infrastructure for a SOC within the CERT. The emphasis is on the CERT staff doing most of the deployment work themselves based on a 'learn by doing' philosophy.
This helps build their human capacity (staff) as well as their overall technical capacity as a CERT (institutional).
Funds will primarily go towards hardware and equipment needed as these CERTs have limited financial resources for capital expenses. It is expected the CERT will make use of free and open source software such as Wazuh or Elasticsearch, and also contribute their learnings back to the community.
The Challenge in Bhutan:
BtCIRT needs to enhance its threat detection and incident response capabilities; however, the team lacks professional experience in SOC operations. To date the team has installed the open source SIEM Wazuh and is monitoring at least 50 agents. The team can consume the events the SIEM generates, but without adequate equipment it is difficult to analyse those events properly and to assess whether they escalate into an incident.