Presentation is loading. Please wait.

Presentation is loading. Please wait.

CSIRT collaboration in Europe

Published byMonica Simonsen Modified over 5 years ago

Similar presentations

Presentation on theme: "CSIRT collaboration in Europe"— Presentation transcript:

1 CSIRT collaboration in Europe
EUNITY Project Workshop Cybersecurity and Privacy Dialogue between Europe and Japan 11-12 October 2017, Tokyo Miroslaw Maj, Trusted Introducer Baiba Kaskina, TF-CSIRT Chair

2 Topics TF-CSIRT Trusted Introducer CSIRT Maturity TRANSITS training
Strategy Trusted Introducer CSIRT Maturity TRANSITS training NIS directive and CSIRT network CEF funding Other cooperation groups EGC Regional Bilateral Other players

3 TF-CSIRT Task Force Computer Security Incident Response Teams
Forum for exchanging experiences and knowledge in a trusted environment in order to improve cooperation and coordination 3 meetings a year Host organisation - GEANT All inclusive - Academic (NREN) – Governmental – Commercial CSIRT Services, common standards and procedures, joint initiatives Liaison with ENISA, FIRST, APNIC and others Focus on European region (RIPE NCC service area), but not limited What are CSIRT teams? Computer security incidents require fast and effective responses from the organisations concerned. Computer Security Incident Response Teams (CSIRTs) are therefore responsible for receiving and reviewing incident reports, and responding to them as appropriate. Working with sensitive information. The longest running task force of GEANT; Running period: 2000 – 2020 Meetings: 2-3 days; social events The task force also develops and provides services for CSIRTs, promotes the use of common standards and procedures for handling security incidents, and coordinates joint initiatives where appropriate. This includes the training of CSIRT staff, and assisting in the establishment and development of new CSIRTs. FIRST: the global Forum of Incident Response and Security Teams ENISA : The European Union Agency for Network and Information Security; centre of expertise for cyber security in Europe.  More info, incl. meeting agendas on the website

4 TF-CSIRT – historical perspective
Started in 2000 as mostly academic initiative Longest running task force at GEANT We just had 52nd meeting

5 TF-CSIRT – meetings 3 times per year 130 – 200 participants
Community – 315 teams 2-3 days, social event Different location every time

6 TF-CSIRT

7 TF-CSIRT Strategy Formulated in 2017
Mission, critical success factors, strategic aims, goals Authors – TF-CSIRT SC, GEANT, TI

8 TF-CSIRT Mission The mission of TF-CSIRT is to facilitate and improve the collaboration between the European CSIRT community to make cyber space a better place.

9 Why Us? TF-CSIRT operates with a European mindset, and strives to make it services and meetings inclusive, accessible, easy-to-reach, and affordable for all CSIRTS in Europe – regardless of sector. Through the Trusted Introducer service, TF-CSIRT can offer well-maintained and up- to-date information and provide teams with recognition status via its differentiated listing, accreditation and certification processes.

10 TI – Trusted Introducer Service
The trusted backbone of infrastructure services and serves as clearinghouse for all security and incident response teams Maturity: Listing, Accreditation, Certification Team Directory: Public & Member access Closed meeting for the Accredited and Certified teams Open and Secure mailing lists Other services (member restricted) Established by the European CERT community in 2000 to address common needs and build a service infrastructure providing vital support for all security and incident response teams; Different levels of maturity: Listed: team that delivers substantial incident management services can be registered by the TI to become "Listed". Basic information: team's constituency and it's contact information. This basic set will be made available on the public website and on the member's restricted web site. Apply for listing – get two ’sponsors’. Teams generally from the RIPE NCC region Accredited: Accreditation is performed by the TI following a standardised process, takes between 1-4 months, depending on the current status and preparation as well as the feedback received during this process. Accredited teams pay accreditation fee and an annual fee Certified: SIM3 describes 45 parameters The more you put in, the more you get in return Public access: the basic information about all teams registered by the TI are presented. Member access: in-depth operational data of all Accredited and Certified teams, pro-actively maintained and must be approved regularly by the teams itself.  Restricted and encrypted mailing lists are available for accredited/certified teams and their team representatives + mailing list for listed teams

11 CSIRT Maturity – 3 steps Listed Accredited Certified

12 CSIRT Maturity – Listed teams
Registration (only listed – 160 teams) Team exists – provides basic/substantial services Contact information Constituency To get listed – 2 sponsor teams needed

13 CSIRT Maturity – Accredited teams
Full members of the community September 2017 – 155 teams Procedures in place RFC2350 Accreditation takes 1-4 months Fees 800 EUR/year – initial fee 1200 EUR/year – annual fee

14 CSIRT Maturity – Certified teams
Based in SIM3 (Security Incident Management Maturity Model) model SIM3 describes 45 parameters, divided over four categories: Organisation, Human, Tools, Processes Minimum score needs to be attained for each parameter 22 teams 3000 (2400) EUR certification fee, 2nd & 3rd year – 800 EUR fee

15 TRANSITS Training CSIRT personnel training
TRANSITS I: Operational, Organisational, Legal and Technical  TRANSITS II: NetFlow Analysis, Forensics, Communication, CSIRT Exercises Over 1000 security professionals trained in Europe and more in other regions Knowledge exchange GÉANT coordinated training, created and taught by the experts from the community 2 levels: TRANSITS I (basics) & TRANSITS II (advanced) 2 TRANSITS I events & 1 TRANSITS II in Europe Over 1000 security professionals in the European region + many more elsewhere in the world A number of participants have gone on to become TRANSITS trainers themselves, passing on their knowledge within their own regions and countries

16 NIS directive Directive on security of network and information systems – Scope: National strategy on the security of network and information systems Cooperation Group CSIRTs network Security and notification requirements for operators of essential services and for digital service providers National competent authorities, single points of contact and CSIRTs with tasks related to the security of network and information systems

17 NIS directive – CSIRT network
Members: CSIRTs CERT-EU Commission (observer) ENISA (secretariat) Operational information exchange Discuss coordinated incident response Support member states in addressing cross-border incidents

18 European Government CSIRT group EGC
Historical group Austria - GovCERT Austria Belgium - CERT.be Denmark - CFCS-DK Finland - NCSC-FI France - CERT-FR Germany - CERT-Bund Netherlands - NCSC-NL Norway - NorCERT Spain - CCN-CERT Sweden - CERT-SE Switzerland - GovCERT.ch United Kingdom - CERT-UK United Kingdom - GovCertUK EU institutions, agencies and bodies - CERT-EU

19 Other Cooperation Regional Bilateral Central European CSIRT group
Baltic CSIRTs Nordic CSIRTs Bilateral

20 Other Players and Areas
ENISA FIRST ITU Help to establish new CSIRT teams Training, materials Train the trainers Development of tools Best practices, benchmarking

21 Questions

Download ppt "CSIRT collaboration in Europe"

Similar presentations

TechSec WG: Related activities overview Information and discussion TechSec WG, RIPE-45 May 14, 2003 Yuri Demchenko.

TechSec WG: Related activities overview Information and discussion TechSec WG, RIPE-45 May 14, 2003 Yuri Demchenko.
Geneva, Switzerland, 15-16 September 2014 ENISA role in ICT standardization Sławomir Górniak, ENISA ITU Workshop on “ICT.

Geneva, Switzerland, September 2014 ENISA role in ICT standardization Sławomir Górniak, ENISA ITU Workshop on “ICT.
Www.enisa.europa.eu European Union Agency for Network and Information Security Follow ENISA: ENISA and standards Sławomir Górniak European Union Agency.

European Union Agency for Network and Information Security Follow ENISA: ENISA and standards Sławomir Górniak European Union Agency.
Delegations IV KAM Prague 3rd to 7th September 2014.

Delegations IV KAM Prague 3rd to 7th September 2014.
Www.enisa.europa.eu 1 ENISA: Fostering the European Cooperation on Network & Information Security Dr. Panagiotis Trimintzios, CISSP European Network &

1 ENISA: Fostering the European Cooperation on Network & Information Security Dr. Panagiotis Trimintzios, CISSP European Network &
1 ENISA’s contribution to the development of Network and Information Security within the Community By Andrea PIROTTI Executive Director ENISA Cyprus, 28.

1 ENISA’s contribution to the development of Network and Information Security within the Community By Andrea PIROTTI Executive Director ENISA Cyprus, 28.
CCIRN meeting, Cairns, 3 July 2004 Computer security co-operation in Europe Karel Vietsch Based on materials provided by TERENA TF-CSIRT.

CCIRN meeting, Cairns, 3 July 2004 Computer security co-operation in Europe Karel Vietsch Based on materials provided by TERENA TF-CSIRT.
Development of Censuses in Europe and Development for EC Statistical Co-operation European Commission (Eurostat) Jurgen Heimann UNFPA/PARIS 21 International.

Development of Censuses in Europe and Development for EC Statistical Co-operation European Commission (Eurostat) Jurgen Heimann UNFPA/PARIS 21 International.
Conformity Assessment and Accreditation Mike Peet Chief Executive Officer South African National Accreditation System.

Conformity Assessment and Accreditation Mike Peet Chief Executive Officer South African National Accreditation System.
Slovak Fundraising Centre Observer of EFA. Introducing EFA Formally established in Brussels in 2002…  The European Fundraising Association is a network.

Slovak Fundraising Centre Observer of EFA. Introducing EFA Formally established in Brussels in 2002…  The European Fundraising Association is a network.
C ross-European data sharing made easy 2012-03-28 EDAF Luxembourg.

C ross-European data sharing made easy EDAF Luxembourg.
A New Start for EUTO Redruth, 29 September 2012 Henk Schüller.

A New Start for EUTO Redruth, 29 September 2012 Henk Schüller.
PRISON HEALTH IN EUROPE: MISSIONS, ROLES AND RESPONSIBILITIES OF INTERNATIONAL ORGANIZATIONS Strasbourg, France 27 th May 2014.

PRISON HEALTH IN EUROPE: MISSIONS, ROLES AND RESPONSIBILITIES OF INTERNATIONAL ORGANIZATIONS Strasbourg, France 27 th May 2014.
Contributions from Permanent Observer Countries to the OAS 2012.

Contributions from Permanent Observer Countries to the OAS 2012.
HTA Benefits and Risks Dr Bernard Merkel European Commission.

HTA Benefits and Risks Dr Bernard Merkel European Commission.
Cooperation project on strengthening EU's Nordic USAR modules Acronym: EU-NU Grant Agreement n:o ECHO/SUB/2014/694378.

Cooperation project on strengthening EU's Nordic USAR modules Acronym: EU-NU Grant Agreement n:o ECHO/SUB/2014/
TERENA update Karel Vietsch TERENA CEO Internet2 Fall Meeting, Atlanta 30 October 2000.

TERENA update Karel Vietsch TERENA CEO Internet2 Fall Meeting, Atlanta 30 October 2000.
Future Regional Trends, Regional Direction and Cooperation Global Cybersecurity Agenda Pillars.

Future Regional Trends, Regional Direction and Cooperation Global Cybersecurity Agenda Pillars.
© Enterprise Europe Network South West 2009 The Eurostars Programme Kenny Legg R&D Funding for the Environmental Sector – 29 June 2010 European Commission.

© Enterprise Europe Network South West 2009 The Eurostars Programme Kenny Legg R&D Funding for the Environmental Sector – 29 June 2010 European Commission.
Who is protecting Internet in Latvia ? - CERT initiative Baiba Kaškina, IMCS UL Baltic IT&T 2007 - 19 April 2007, Rīga.

Who is protecting Internet in Latvia ? - CERT initiative Baiba Kaškina, IMCS UL Baltic IT&T April 2007, Rīga.

Similar presentations

Ads by Google