[Bp_certs] About types of CERTs
Cristine Hoepers
cristine at cert.br
Wed Jul 16 14:30:38 EDT 2014
Hi,
Excellent points Carlos!
Actually constituencies can and will overlap, and most CSIRTs will
make a difference through influence and not by mandate or law.
I would like to add 2 other myths to your list:
(c) that FIRST coordinates the work of all CSIRTs and/or provides a
"certification" for teams that join
(d) that CERTs, CSIRTs and IRTs are different types of teams
I've heard this over and over in the past few years, and I've seen a
lot of confusion about CSIRTs' roles because of these misconceptions.
Best regards,
Cristine
On Wed, Jul 16, 2014 at 02:25:18PM -0300, Carlos M. Martinez wrote:
> Hello all,
>
> Two very common misconceptions that I've found are that CSIRTs should:
>
> (a) have some sort of exclusivity over a certain constituency and,
> (b) be arranged in some sort of top-bottom hierarchy with lower-level
> CSIRTs reporting to higher-level CSIRTs all the way up to a single
> 'national CSIRT'
>
> Events like the IGF can help a lot in dispelling these myths / urban
> legends.
>
> warm regards
>
> -Carlos
>
> On 7/15/14, 8:36 PM, Cristine Hoepers wrote:
> > Dear all,
> >
> > First of all, thanks for the interest in the IGF CERTs BPF!
> >
> > I would like to share some thoughts, considering discussions I
> > participated in previous IGF and pre-IGF events, and the discussion
> > that took place in the mailing list a few days ago, about CSIRTs with
> > national responsibility (in short "National CSIRTs" or "National
> > CERTs"), which has also brought a little bit of discussion about other
> > types of CSIRTs.
> >
> > There is no right or wrong about who hosts a National CSIRT, or which
> > services it should provide. From experience, each country will need
> > to identify what works best in its case, as well as consider other
> > issues like services, funding, local internet governance structure and
> > cultural issues, among other factors that might impact the decision.
> >
> > Also, several countries have more than one National CSIRT, and the
> > number is growing each year. In the last National CSIRTs meeting,
> > about 2 weeks ago, there was a very interesting discussion about the
> > future of National CSIRTs and their role. In this panel there was an
> > agreement that National CSIRTs are teams whose constituencies are
> > networks/organizations/assets of National importance, and that the
> > number of such teams tends to increase.
> >
> > I would like to share some examples of National CSIRTs that are
> > operated by different stakeholders -- note that the focus of the
> > information is to give examples of different hosting organizations, not
> > the constituency served by each team:
> >
> > - CERT.br - is operated by NIC.br, a not for profit organization that
> > implements the decisions and projects defined by the Brazilian
> > Internet Steering Committee - CGI.br. And CGI.br is the
> > multi-stakeholder internet governance body in Brazil. All funding
> > comes from <.br> domain name registration.
> >
> > - CERT.PL (previously CERT Polska) - is operated by NASK (Research and
> > Academic Computer Network), a research institute which conducts
> > scientific studies, operates the national .pl domain registry and
> > provides advanced IT services.
> >
> > - JPCERT/CC - is an independent non-profit organization.
> >
> > - CARICERT - is sponsored by the Curaçao Bureau Telecommunication and
> > Post (BT&P).
> >
> > - Egyptian CERT - is operated by the Ministry of Communications and
> > Information Technology.
> >
> > - CERT-EE - operated by the Estonian Information System Authority
> > (RIA), a subdivision of the Estonian Ministry of Economic Affairs
> > and Communications.
> >
> > A more complete list of CSIRTs that have responsibility for an economy
> > or a country can be found here:
> > http://cert.org/incident-management/national-csirts/national-csirts.cfm
> >
> > I'll not make this e-mail even longer, but there are CSIRTs in many
> > different organizations, with different missions and services. The
> > most important of all is that these CSIRTs work in cooperation to make
> > the Internet more stable and secure. A list of teams that are members
> > of FIRST (the Forum of Incident Response and Security Teams) can be
> > found here: http://first.org/members/teams
> >
> > I personally think the work of the CERT BPF is a great opportunity for
> > us all to share experiences, best practices, questions, case studies,
> > but most of all it is a great opportunity for us to identify
> > challenges and try to find a way to start answering the open
> > questions.
> >
> >
> > Best regards,
> > Cristine
> >
> > --
> > Cristine Hoepers, D.Sc.
> > General Manager
> > CERT.br/NIC.br
> > http://www.cert.br/
> >
> > _______________________________________________
> > Bp_certs mailing list
> > Bp_certs at intgovforum.org
> > http://mail.intgovforum.org/mailman/listinfo/bp_certs_intgovforum.org