Working Group B: Cyber Incident Management and Critical Infrastructure Protection

About Working Group B

Cyber incident Management and Critical infrastructure Protection has been endorsed by the GFCE community in the Delhi Communiqué as one of the five prioritized themes for cyber capacity building to improve capacities that allow nations to respond to and recover from cyber incidents in a timely and efficient manner.

GFCE Working Group B has two taskforces:

  1. TF CIM, Cyber Incident Management
  2. TF CIP, Critical Infrastructure Protection

More information on the work done by Working Group B can be found in the GFCE Working Groups Annual Report 2021.

Table of Contents

News and Updates

The second half of 2022 marked the change of WG-B Chair during the GFCE Annual Meeting 2022, as Abdul-Hakeem Ajijola’s stepped down as Chair after his second term. We are grateful for all the time, energy and ideas Abdul-Hakeem committed to this Working Group during his four years as a Chair. At the same time, the WG found in Klée Aiken its new Chair, with the handover being finalised during the GFCE Annual Meeting.

In 2022, the task Force on Cyber Incident Management (CIM) held an in-person meeting in the margins of the 34th Annual FIRST Conference in Ireland. The TF finalised a Cybil Portal Guide for the CIM community which provides an overview of all the useful resources that are available for the CIM community on the Cybil Portal as of October 2022. Members of the TF also overviewed the GFCE research reportCyber Incident Management in Low-Income Countries written by AfricaCERT and commissioned by Global Affairs Canada as one of the priorities identified by the GFCE Community in the Global CCB Research Agenda 2022-2023. Their efforts are also currently focused on two projects: one covering Proactive Communication during Cyber Incidents and a second one that covers National and Sectorial CSIRT Cooperation.

The Task Force on Critical Infrastructure Protection (CIP) has been working on a Guide for Cybersecurity Table-top Exercises (TTX) which is composed of three deliverables covering: an Introduction to TTXs, a TTX Scenario Runbook and a practical Use-Case.

More information on the group’s ambitions for 2022 is detailed in the Working Groups Workplan.

Reports and Deliverables

The Task Force on Cyber Incident Management (CIM) finalised together with AfricaCERT, the
Cyber Incident Management in Low-Income Countries research project (Part 1, Part 2). The Task Force is also working on two projects: 'Developing a Framework for National and Sectorial CSIRT Cooperation', aiming to scope out the definitions and roles of the different types of
CSIRTs, and the 'Proactive Incident Communication project', aiming to thoroughly understand the impact of more open and proactive approaches to incident communication and information sharing. These projects were discussed during the CIM TF meeting at the margins of the FIRST Annual Conference in June, where the group also decided to start working on a guide to simplify and facilitate the use of relevant resources from the Cybil Portal to the cyber incident management community. The Task Force on Critical Information Infrastructure Protection (CIIP) has been working on developing a guide for carrying out cyber security table top exercises which will be divided into three different deliverables that will introduce, provide a runbook and offer an example scenario exercise, all attending to cross-sectorial audience needs.


The Task Force on Cyber Incident Management (CIM) has concentrated its efforts in developing two key deliverables. It has updated the Global CSIRT Maturity Framework (GCMF) with the aim of stimulating the development and maturity enhancement of national CSIRTs. . It has also completed the Getting Started with a National CSIRT Guide. This guide is meant for anyone who wants to learn more about setting up
a national CSIRT (nCSIRT).


The Task Force on Critical Information Infrastructure Protection (CIIP) has focused on developing three major deliverables in 2021:


First, the joint project between the Task Force on Strategy & Assessments from Working Group A and the Task Force on Critical Information Infrastructure Protection (CIIP) on Developing a Guide for the Process of Identifying Critical National Infrastructures (CNI) and Critical Information Infrastructures (CIIP). The aim of this project is to provide GFCE Community with a tool to support them in their National Cybersecurity Strategy (NCS) lifecycle.


Second, the Task Force is also helping develop the GFCE and the Meridian Cooperation Project. This project aims to bring together the GFCE and the Meridian communities, particularly in contributing expertise and experience on Critical Information Infrastructure Protection.


Third, with the aid of The Netherlands and TNO the Task Force developed the GFCE CIIP Capacity Framework. This framework supports the discussion on CIIP and the exchange of good practices by specifying the capacities that may be part of a CIIP approach, while at the same time provides knowledge to policymakers on how to establish and maintain sustainable and efficient efforts to protect CII by outlining the required capacities.

In 2020, the TF CIM started working in three project teams on separate deliverables: 1) National CSIRT Career Path; 2) Phase 0 CERT; and 3) Next phase for the CSIRT Maturity Framework. The TF CIIP worked in 2020 on assisting Senegal with its clearing house request for support on their CIIP and is additionally looking for ways to cooperate closely with the Meridian community (a CIIP community).


Details of work done by Working Group B can be found in GFCE Annual Report 2020.


Ambitions for Working Group B in 2021 can also be found in the Working groups Workplan.


Throughout 2019, the TF CIM worked on Global CSIRT Maturity Framework whilst the TF CIIP worked on a CIIP Capacity Framework. During the GFCE Annual Meeting 2019 in Addis Ababa, both Task Forces organized workshops with an African focus for the beneficiary community.

The Working Group split into two Task Forces during the GFCE Annual Meeting 2018 in Singapore.


Contributions to Cybil Knowledge Portal

WG B has identified 18 tools and 19 publications to help members, which can be found at

Chair and Task Force Leads

GFCE Secretariat Representative

Active Members and Partners