[Bp_certs] About types of CERTs

Andrew Cormack Andrew.Cormack at ja.net
Wed Jul 23 09:23:00 EDT 2014


Cristine
I was interested to see that "national CERTs" now think that term means "teams whose constituency are networks/organizations/assets of National importance".

That means we need another term for what I used to call the "CERT of last resort", for example if you have an incident in the UK and neither the FIRST, TI or RIPE directories give you a specific constituency CERT for the affected IP address, where (if anywhere) do you send it? Depending on the country, that may be something the "national CERT" does (I think Rohana was saying that in Sri Lanka it is), it may be done by someone else, or it may not be done by anyone.

Being that CERT is a pretty thankless job (I spent a year, many years ago, running a pilot "last resort" CERT for European academic networks!) but in terms of public perception of the Internet, it seems to me it's an important one. The really severe incidents may be the ones within the constituencies of national CERTs (as defined above) but I hope they are few and far between. The ones (viruses, fraud, phishing, spam, ...) that affect the vast majority of Internet users, every day, and make them worry whether the Internet is a safe place to do business/work/education don't come from those constituencies.

So if one of our objectives is to suggest how governments should build public confidence in the Internet, it seems to me that they ought to be thinking about how to provide some sort of incident response/victim support for those constituencies too. I'm afraid it's not something we've cracked in the UK - at the moment we have getsafeonline.org providing advice to the citizen - but the policy on where to report online frauds etc. seems to change frequently and isn't at all well publicised :(

So I'm very interested to hear about the Kenyan approach of using the telecom association and internet exchange as a hub. That sounds a bit like the German initiative https://www.botfrei.de/en/ that has advice for end users but also (if I understand correctly) provides a helpdesk that ISPs can direct customers to where they've spotted traffic that suggests a botnet infection. That seemed to me like a nice mix of automation for the majority of customers with detailed human help for the few that need it.

Best wishes
Andrew

--
Andrew Cormack
Chief Regulatory Adviser, Janet
t: +44 1235 822302
b: https://community.ja.net/blogs/regulatory-developments
Janet(UK) is a trading name of Jisc Collections and Janet Limited, a not-for-profit company which is
registered in England under No.2881024 and whose Registered Office is at Lumen House, Library
Avenue, Harwell Oxford, Didcot, Oxfordshire, OX11 0SG. VAT No. 614944238


> -----Original Message-----
> From: Bp_certs [mailto:bp_certs-bounces at intgovforum.org] On Behalf Of
> Cristine Hoepers
> Sent: 16 July 2014 00:37
> To: bp_certs at intgovforum.org
> Subject: [Bp_certs] About types of CERTs
> 
> Dear all,
> 
> First of all, thanks for the interest in the IGF CERTs BPF!
> 
> I would like to share some thoughts, considering discussions I
> participated in previous IGF and pre-IGF events, and the discussion
> that took place in the mailing list a few days ago, about CSIRTs with
> national responsibility (in short "National CSIRTs" or "National
> CERTs"), which has also brought a little bit of discussion about other
> types of CSIRTs.
> 
> There is no right or wrong about who hosts a National CSIRT, or which
> services it should provide.  From experience, each country will need
> to identify what works best in its case, as well as consider other
> issues like services, funding, local internet governance structure and
> cultural issues, among other factors that might impact the decision.
> 
> Also, several countries have more than one National CSIRT, and the
> number is growing each year.  In the last National CSIRTs meeting,
> about 2 weeks ago, there was a very interesting discussion about the
> future of National CSIRTs and their role.  In this panel there was an
> agreement that National CSIRTs are teams whose constituency are
> networks/organizations/assets of National importance, and that the
> number of such teams tends to increase.
> 
> I would like to share some examples of National CSIRTs that are
> operated by different stakeholders -- note that the focus of the
> information is to give examples of different hosting organization, not
> the constituency served by each team:
> 
> - CERT.br - is operated by NIC.br, a not for profit organization that
>   implements the decisions and projects defined by the Brazilian
>   Internet Steering Committee - CGI.br.  And CGI.br is the
>   multi-stakeholder internet governance body in Brazil.  All funding
>   comes from <.br> domain name registration.
> 
> - CERT.PL (previously CERT Polska) - is operated by NASK (Research and
>   Academic Computer Network), a research institute which conducts
>   scientific studies, operates the national .pl domain registry and
>   provides advanced IT services.
> 
> - JPCERT/CC - is an independent non-profit organization.
> 
> - CARICERT - is sponsored by the Curaçao Bureau Telecommunication and
>   Post (BT&P).
> 
> - Egyptian CERT - is operated by the Ministry of Communications and
>   Information Technology.
> 
> - CERT-EE - operated by the Estonian Information System Authority
>   (RIA), a subdivision of the Estonian Ministry of Economic Affairs
>   and Communications.
> 
> A more complete list of CSIRTs that have responsibility for an economy
> or a country can be found here:
> http://cert.org/incident-management/national-csirts/national-csirts.cfm
> 
> I'll not make this e-mail even longer, but there are CSIRTs in many
> different organizations, with different missions and services.  The
> most important of all is that these CSIRTs work in cooperation to make
> the Internet more stable and secure.  A list of teams that are members
> of FIRST (the Forum of Incident Response and Security Teams) can be
> found here: http://first.org/members/teams
> 
> I personally think the work of the CERT BPF is a great opportunity for
> us all to share experiences, best practices, questions, case studies,
> but most of all it is a great opportunity for us to identify
> challenges and try to find a way to start answering the open
> questions.
> 
> 
> Best regards,
> Cristine
> 
> --
> Cristine Hoepers, D.Sc.
> General Manager
> CERT.br/NIC.br
> http://www.cert.br/
> 