RFC 2350

  1. Document Information


This document contains a description of Botswana CIRT (Bw-CSIRT) accordance to  RFC2350[1]. It provides basic information about Bw-CSIRT, its channels of communication, services and its role and responsibilities.


    1. Date of Last Update

This is version 2.0, published 08-11-2022

    1. Distribution List for Notifications

There is no distribution list for notification as of November 2022


    1. Locations where this document may be found



    1. Authenticating this document

This document has been digitally signed by Emmanuel Thekiso, The Head of Bw-CSIRT


    1. Document Identification





Document Date

08 November 2022


This document is valid until superseded by a later version



  1. Contact Information
    1. Name of the Team

Full Name

Botswana National Computer Security Incident Response Team 

Short name



    1. Address

Botswana Communications Regulatory Authority,
Plot 50671, Independence Avenue,


    1. Time Zone

Greenwich Mean Time (GMT+2), in Central Africa Time Zone (CAT)

    1. Telephone Number

           +267-3685548, +267 3929960, +267-3957755

    1. Facsimile Number

          Not applicable

    1. Electronic e-Mail Address

For notifications and operational matters, please contact us at: Email address: Info(@)cirt.org.bw, and for incident reporting email : ticket(@)cirt.org.bw.The email address is monitored by duty officers during hours of operations .

    1. Other Telecommunications


    1. Public Keys and Encryption Information


PGP key ID


PGP Key Fingerprint

DAF5 2A67 B39E C7F7 F7E8  53F2 8A7F 14F8 8801 2C52


 Please use this key when you want/need to encrypt messages that you send to Bw-CSIRT

    1. Team Members

The head of Bw-CSIRT is Emmanuel Thekiso. Information about other team members is available by request.

Our days of operation are from 07:30 to 17:00 GMT+2 on business days Monday to Friday. We may operate out of these hours and days in case of emergency only.

Emergency Cases: If it's not possible to use e-mail, please call the hotline number +267-73111260 and +2673685548

  1. Charter
    1. Mission Statement

The Bw-CSIRT mission is to create, maintain, and promote the adequate capabilities for Botswana to respond to cyber threats and to protect its national critical information infrastructures. The scope of our activities covers prevention, detection, response, and recovery.

We operate according to the following key values:

  • The highest standard of ethical integrity
  • High degree of service orientation and operational readiness
  • Fostering culture of openness within a protected environment
  • Exchange of good practices among our constituents and our peers
  • Effective responsiveness in case of cybersecurity incidents and emergencies at the highest level
    1. Constituency

The Constituency of Bw-CSIRT is basically all economic sectors of Botswana as stated in the National Cybersecurity Strategy.  Note that usually no direct support will be given to end users; they are expected to contact their ISPs system administrators, network administrators for assistance

    1. Sponsorship and/or Affiliation

Bw-CSIRT is an independent organization under the Ministry of Communications, Knowledge, and Technology.

    1. Authority

The team coordinates cybersecurity incidents on behalf of its constituency and has no authority reaching further than that. The team is however expected to make operational, non-obligatory recommendations in the course of their work. The implementation of such recommendations is not a responsibility of the team, but solely of those to whom the recommendations were made

  1. Policies
    1. Types of Incidents and Level of Support

All cybersecurity incidents will be given normal priority unless they are explicitly labelled EMERGENCY or URGENT. The Bw-CSIRT is committed to keep its constituents informed of potential vulnerabilities and existing threats before they are actively exploited. Special attention will be given to issues affecting critical infrastructure and designated operators

    1.  Co-operation, interaction, and disclosure of information

Bw-CSIRT highly regards the importance of operational cooperation and information sharing between CSIRTs and other organizations that may contribute towards or make use of the services. Bw-CSIRT cooperate with other organizations like the law enforcement agencies to protect the privacy of its constituency and stakeholders and operates within the laws of Botswana when disclosing information.

    1. Communication and Authentication

Bw-CSIRT protects sensitive information in accordance with the relevant policies, and in particular respects the sensitivity markings defined by the originators of information. The Bw-CSIRT uses the PGP encryption and signing for secure communication.

  1. Services

The Bw-CSIRT has adopted the use of FIRST CSIRT Services Framework [5]  and provides assistance on prevention, detection, resolution and advice to its constituent on the following aspects of information security incident management

  1. Reactive Services
  • Incident Response
  • Incident triage
  • Cyber threat intelligence
  • Alerts and warnings,
  • Incident detection and resolution
  • Analyzing information security incidents
  • Information security incident coordination  
  • Supporting crisis management  


  1. Proactive Activities

The Bw-CSIRT proactively advises its constituency regarding recent    vulnerabilities and trends in cybersecurity and includes :-

  • information dissemination
  • Education and awareness raising
  • Training in incident management
  • Cooperating with other CSIRTs
  • Threats Monitoring
  • Announcement about existing vulnerabilities
  • Technology Watch
  • Assist with development of new CSIRTs


  1. Service Level


BW-CSIRT will always strive to react to incoming incident reports from humans within one business day. Due to current staffing levels this cannot be guaranteed, though. If you haven't received feedback to an incident report after two business days, we ask that you contact us again.


  1. Incident Reporting


Incident reporting forms are not available. Please report security incidents via encrypted  security(@)cirt.org.bw/ , When contacting us please provide at least the following

  • Incident date and time (including time zone)
  • Contact details, organizational information, name of a person, organizational name, and address, email address, telephone number
  • Short summary of the incident/emergency /crisis and type of event
  • The event/incident (e.g., which system produced the alert).
  • Affected systems, Source IPs, ports, and protocols
  • And any relevant information

7. Disclaimers

While every precaution will be taken in the preparation of information, notifications, and alerts, BW-CIRT assumes no responsibility for errors or omissions, or damages resulting from the use of information contained within