Facts and Opinions

At irregular intervals, we provide important insights or open documents related to our projects and our core expertise. Such contributions include presentations, publications, or information about conferences/workshops we organized or attended.


2020 | 04 > CSIRT Services Framework

CANVAS: Constructing an Alliance for Value-driven Cybersecurity

CANVAS was funded by the EU H2020 program. The project provides an integrative view on the ethical and regulatory issues of cybersecurity. It addresses the challenge of how cybersecurity can be aligned with European values and fundamental rights. Different briefing packages and a full-fledged curriculum with case studies and lecture slides are available. The briefings are free to use and available in English, French and German. Besides the policy summary, each briefing provides a slide deck, case studies and literature references.


2020 | 03 > CSIRT Services Framework

CSIRT Services Framework Version 2.1 released

The new version 2.1 of the CSIRT Services Framework was approved and released in late February 2020. It brings clear improvements in consistent naming, in structure and in the presentation of the content. The CSIRT Framework Development SIG is now working on providing assistance for the migration from version 1.1.1. That version was previously regarded as stable, but is now superseded by the newest version. Future work by the SIG will focus on the roles and related skill sets of CSIRT employees.


2020 | 02 > ISPs and Security

BCP 38 considered best practice by Regulators

RFC 2827 (BCP 38) already defined a simple and effective measure against counterfeit IP packets in May 2000: each router only accepts sender IP addresses that correspond to the connected network. However, there are recurring discussions as to whether such permanent blocking is permissible at all, because it may also influence other functions of the network. BEREC, the Body of European Regulators for Electronic Communications, has now made it clear that the use of monitoring processes is justified routinely and especially to avert attacks. This applies in particular to the continuous detection of attacks and the initiation of further mitigations whenever attacks are detected.


2020 | 01 > openCSIRT Foundation

SIM3 CSIRT Maturity Self-Assessment Tool

To document their SIM3 self-assessments, most teams today use spreadsheets or design their own graphics. The new openCSIRT Foundation (OCF) tool comes with a clear graphical representation. It also provides better explanations and online answers, which makes a new self-assessment rather easy. In addition, the established CSIRT Maturity (TI, ENISA, GFCE) can be selected to compare against. Input can be easily saved or bookmarked.


2020 | 01 > openCSIRT Foundation

SIM3 CSIRT Maturity Auditor Training

From 31 March to 2 April 2020 the Open CSIRT Foundation (OCF) will organise a 3-day training to become a Certified SIM3 Auditor. The OCF shepherds the further development of the SIM3 maturity model, which is used by TF-CSIRT/TI, by ENISA for national teams in the EU, by the NCA (Nippon CSIRT Association) in Japan, and is now also being taken up by the Global Forum on Cyber Expertise (GFCE) for their GCMF – Global CSIRT Maturity Framework.


2019 | 12 > CSIRT Community

The Emergence of Computer Security Incident Response, 1989–2005

CSIRTs have been around for more than 30 years, but little is known about their beginnings. On the one hand, this is because the first CSIRT conferences were held before the breakthrough of the WWW and practically only two or three copies of them are left. On the other hand, little was documented or written down about how the teams organized and helped each other. Drawing on many interviews, Rebecca Slayton and her colleague present the first 15 years in a very readable and informative manner with many insights from those involved, including our managing director.


2019 | 11 > CSIRTs and Policy Makers

National CSIRTs and Their Role in Computer Security Incident Response

This report looks at the role of national CSIRTs as a distinct and in some regards very different variant of CSIRTs in general. Clearly outlining these differences - especially to policy-makers - is an essential goal of this article. The report therefore also explains the conflicting goals that must be considered when CSIRTs co-operate with investigative and law enforcement agencies, but also with intelligence agencies. Based on their insights, the authors derive policy recommendations concerning the role, mission and organizational structure of national CSIRTs and call for clear interfaces to intelligence services and law enforcement agencies.


2019 | 10 > CSIRT Services Framework

Ethics for Incident Response and Security Teams

When dealing with cyber attacks and investigating security incidents, the people involved take on a lot of responsibility and often operate in a legal area of conflict. This is often due to the involvement of many different countries or to legal practice that has not yet been established. But moral questions also crop up again and again, e.g. when the death penalty is imposed in certain countries for certain attacks. A working group within FIRST, as an international umbrella organization, developed guidelines that might help practitioners facing such situations. These guidelines are formulated as declarations of responsibility and are based on the understanding that the common good is always the most important consideration.


2019 | 09 > CSIRTs and Policy Makers

CSIRT Basics for Policy-Makers

This article is a bit older (2015), but summarizes very nicely the most important aspects of the CSIRT tasks for decision-makers. Above all, it should shed light on a common understanding of the different team types, certain fundamental principles and the role of the national CSIRTs. A lot has developed in this area since 2015, especially through the EU NIS Directive, but the presentation of the motivation for and formulation of critical principles is still instructive.


2019 | 08 > CSIRT Community

International Award for Dr. Klaus-Peter Kossakowski

Since 2019, FIRST, as the international umbrella organization of the CSIRTs, has presented an award for the merits of individuals: the Incident Response Hall of Fame! This honors a selected group of visionaries, leaders and personalities who have made a significant contribution to the development and advancement of the global security landscape. Our managing director was the first person to be inducted into the Hall of Fame. We are very pleased!


2019 | 07 > CSIRT Services Framework

CSIRT Services Framework as Version 2.0

FIRST has finally released the CSIRT Services Framework Version 2.0. This version is heavily based on the lessons learned from the work on the PSIRT Services Framework and feedback received from practitioners. The contributing volunteers took time to restructure the previous versions to address recognized weaknesses. Feedback is still welcome and will be incorporated in the planned Version 2.1 later in 2019.


2019 | 06 > Reflections on CSIRTs

CSIRTs deserve Protection!

The consensus report of the United Nations Group of Governmental Experts (UN GGE) on Developments in the Field of Information and Telecommunications in the Context of International Security, adopted in July 2015, stated - not surprisingly - that international law applies in cyberspace. More surprising is norm clause 4, which stresses an important point: 'states should not conduct or knowingly support activity to harm the information systems of another state’s emergency response teams (CERT/CSIRTS) and should not use their own teams for malicious international activity.'
