The Challenges Facing Computer Security Incident Response Teams

In mid-June, the German parliament scrambled to repel the worst cyberattack in its history. Meanwhile, 800 IT security experts and members of Computer Security Incident Response Teams (CSIRTs) from around the world met just a few blocks away at the annual meeting of the Forum for Incident Response and Security Teams (FIRST). Responding to attacks like the one against the Bundestag is at the core of a CSIRTs’ daily tasks. As cybersecurity has become a core strategic interest for companies and governments alike, there is a growing need to safeguard CSIRTs’ operational independence from other political objectives and strengthen them as a neutral pillar of global cybersecurity.

CSIRTs have been a cornerstone of cyber incident response for decades. Also known as Computer Emergency Response Teams (CERTs), CSIRTs are teams of technical experts with the mission to maintain and protect the security of their customers’ computer networks and systems that rely on it. For example, when the OpenSSL Heartbleeed vulnerability was discovered last year, which security expert Bruce Schneier called a ​“catastrophic bug,” US-CERT issued an alert and a white paper containing an overview of the systems affected, a description of the threat, and recommendations for solutions and mitigation. US-CERT worked with private sector partners, the FBI, Financial Services Information Sharing and Analysis Center, and Canadian Cyber Incident Response Center to prepare and disseminate alerts. CSIRTs, can be based at private companies, governments, universities or other organizations.

While their primary mission is technical in nature, they are under growing pressure to accommodate various policy and political objectives of the countries in which they are located.

…

To read the full article, please visit the Council on Foreign Relations online.