[Bp_certs] About types of CERTs

Adli Wahid adli at apnic.net
Thu Jul 17 01:44:44 EDT 2014


Hello all, 

In the context of national certs/csirts or certs/csirts with national
responsibilities I have seen in the past that they have grown into a
bigger organisation (i.e. something like a National Cyber Security
Agency) with a bigger mandate and providing more support or services for
the constituency.

These organisations get involved in providing security awareness programs
(which are based on lessons learned from incidents commonly handled),
providing training for setting up other csirts/certs in the private
sectors, incident response exercises, and even participating in relevant
policy development.

If one visits many of the national CERTs/CSIRTs websites you can easily see
the types of services they provide.

There are some interesting collaborations that are happening at the
regional level too. Regional CERT/CSIRT associations such as APCERT,
OIC-CERT and even ASEAN have been carrying out incident response exercises
for the last couple of years to enhance the co-operation between
certs/csirts especially when dealing with security incidents. In addition
activities like these certainly help csirts to learn from one another.
Check out these press releases from some of the recent exercises.

http://www.oic-cert.org/v1/news/01_2014.pdf
http://www.apcert.org/documents/pdf/APCERTDrill2013PressRelease_AP.pdf

Having said the above, it would be interesting if we could capture what sort
of activities CERTs/CSIRTs in the enterprise or private sector participate
in if they do more than just incident response.

Best Regards, 
Adli 

-- 
Adli Wahid                        email:     adli at apnic.net
Security Specialist, APNIC        sip:  adli at voip.apnic.net
http://www.apnic.net              phone:    +61 7 3858 3100
___________________________________________________________
 * Sent by email to save paper. Print only if necessary.




On 17/07/2014 4:30 am, "Cristine Hoepers" <cristine at cert.br> wrote:

>Hi,
>
>Excellent points Carlos!
>
>Actually constituencies can and will overlap, and most CSIRTs will
>make a difference through influence and not by mandate or law.
>
>I would like to add 2 other myths to your list:
>
>(c) that FIRST coordinates the work of all CSIRTs and/or provides a
>    "certification" for teams that join
>
>(d) that CERTs, CSIRTs and IRTs are different types of teams
>
>I've heard this over and over in the past few years, and I've seen a
>lot of confusion about CSIRTs roles because of these misconceptions.
>
>Best regards,
>Cristine
>
>On Wed, Jul 16, 2014 at 02:25:18PM -0300, Carlos M. Martinez wrote:
>> Hello all,
>>
>> Two very common misconceptions that I've found are that CSIRTs should:
>>
>> (a) have some sort of exclusivity over a certain constituency and,
>> (b) be arranged in some sort of top-bottom hierarchy with lower-level
>> CSIRTs reporting to higher-level CSIRTs all the way up to a single
>> 'national CSIRT'
>>
>> Events like the IGF can help a lot in dispelling these myths / urban
>> legends.
>>
>> warm regards
>>
>> -Carlos
>>
>> On 7/15/14, 8:36 PM, Cristine Hoepers wrote:
>> > Dear all,
>> >
>> > First of all, thanks for the interest in the IGF CERTs BPF!
>> >
>> > I would like to share some thoughts, considering discussions I
>> > participated in previous IGF and pre-IGF events, and the discussion
>> > that took place in the mailing list a few days ago, about CSIRTs with
>> > national responsibility (in short "National CSIRTs" or "National
>> > CERTs"), which has also brought a little bit of discussion about other
>> > types of CSIRTs.
>> >
>> > There is no right or wrong about who hosts a National CSIRT, or which
>> > services it should provide.  From experience, each country will need
>> > to identify what works best in its case, as well as consider other
>> > issues like services, funding, local internet governance structure and
>> > cultural issues, among other factors that might impact the decision.
>> >
>> > Also, several countries have more than one National CSIRT, and the
>> > number is growing each year.  In the last National CSIRTs meeting,
>> > about 2 weeks ago, there was a very interesting discussion about the
>> > future of National CSIRTs and their role.  In this panel there was an
>> > agreement that National CSIRTs are teams whose constituency are
>> > networks/organizations/assets of National importance, and that the
>> > number of such teams tends to increase.
>> >
>> > I would like to share some examples of National CSIRTs that are
>> > operated by different stakeholders -- note that the focus of the
>> > information is to give examples of different hosting organization, not
>> > the constituency served by each team:
>> >
>> > - CERT.br - is operated by NIC.br, a not for profit organization that
>> >   implements the decisions and projects defined by the Brazilian
>> >   Internet Steering Committee - CGI.br.  And CGI.br is the
>> >   multi-stakeholder internet governance body in Brazil.  All funding
>> >   comes from <.br> domain name registration.
>> >
>> > - CERT.PL (previously CERT Polska) - is operated by NASK (Research and
>> >   Academic Computer Network), a research institute which conducts
>> >   scientific studies, operates the national .pl domain registry and
>> >   provides advanced IT services.
>> >
>> > - JPCERT/CC - is an independent non-profit organization.
>> >
>> > - CARICERT - is sponsored by the Curaçao Bureau Telecommunication and
>> >   Post (BT&P).
>> >
>> > - Egyptian CERT - is operated by the Ministry of Communications and
>> >   Information Technology.
>> >
>> > - CERT-EE - operated by the Estonian Information System Authority
>> >   (RIA), a subdivision of the Estonian Ministry of Economic Affairs
>> >   and Communications.
>> >
>> > A more complete list of CSIRTs that have responsibility for an economy
>> > or a country can be found here:
>> > http://cert.org/incident-management/national-csirts/national-csirts.cfm
>> >
>> > I'll not make this e-mail even longer, but there are CSIRTs in many
>> > different organizations, with different missions and services.  The
>> > most important of all is that these CSIRTs work in cooperation to make
>> > the Internet more stable and secure.  A list of teams that are members
>> > of FIRST (the Forum of Incident Response and Security Teams) can be
>> > found here: http://first.org/members/teams
>> >
>> > I personally think the work of the CERT BPF is a great opportunity for
>> > us all to share experiences, best practices, questions, case studies,
>> > but most of all it is a great opportunity for us to identify
>> > challenges and try to find a way to start answering the open
>> > questions.
>> >
>> >
>> > Best regards,
>> > Cristine
>> >
>> > --
>> > Cristine Hoepers, D.Sc.
>> > General Manager
>> > CERT.br/NIC.br
>> > http://www.cert.br/
>> >
>> > _______________________________________________
>> > Bp_certs mailing list
>> > Bp_certs at intgovforum.org
>> > http://mail.intgovforum.org/mailman/listinfo/bp_certs_intgovforum.org
>




