Among CSIRT/CERT teams in Europe and around the world, the Czech Republic is known for a relatively high number of officially established security teams. Operating mainly within Europe, there is the GÉANT organization, which promotes the development and creation of new security teams through its long-established service Trusted Introducer. It is an initiative that aims to facilitate building of trust between security teams of educational and research institutions, operators, providers and government institutions that, within their address space, deal with security incidents, such as botnets, spam, phishing, open resolvers or more sophisticated incidents . Each team faces very similar, if not identical problems and therefore sharing of experience should be taking place to streamline their work. Withholding important information in this environment, on the other hand, does not usually bring any competitive advantage.
Building of trust between the teams is also helped by the three levels of possible statuses – enlisting, accreditation and certification. Each of these levels guarantees a certain degree of working ability of the team, while demonstrating the involvement of the team in the community building. In the past year, as many as six Czech teams received a status “listed” in the Trusted Introducer. For the team to be listed, it would need support of at least two already accredited teams and it is advisable that the team should have its contact information, working hours and a link to the public PGP key on its page. To obtain the status of “accredited” or “certified”, it is required to meet other conditions. The resulting database, or the list of official teams then allows to contact the persons who are responsible for safety within the organization. Last year, the total number of official CSIRT/CERT teams in the Czech Republic reached 22. Until 2014 there were, however, only 8 teams. What influenced the increase in the number of CSIRT/CERT teams the most was probably the DDoS attacks of March 2013 and the subsequent launch of the project FENIX by the NIX.CZ association. As of today, Germany is the only country in Europe that has more teams registered in Trusted Introducer. On the international level, these teams meet together three times a year. During these meetings, a special section designated as TLP Red is dedicated to accredited and certified teams, where they can openly talk about matters they would not make public at an open conference.
Local workshops are organized also for the Czech CSIRT teams, currently twice a year. There they can openly discuss issues that are close to them and get to know members of other teams, which of course makes communication between the teams in case of an incident much easier. The next international meeting of CSIRT/CERT teams associated with Trusted Introducer will be held in late January in Prague and hosted by CZ.NIC.
Last year, our team CSIRT.CZ joined another broad community of teams of the world, the organization FIRST, becoming its first member from the Czech Republic. Unlike Trusted Introducer, FIRST has more worldwide teams of predominantly commercial nature.
The fact that the work of all CSIRT teams is very similar regardless of their region, positively influences the implementation of joint projects on data sharing and the development of open source tools, which can be adjusted by the teams to match their needs. This way, the community creates an environment that helps new teams to begin their work quickly and efficiently. What new CSIRT teams will join us this year?
CSIRT.CZ team wishes you all nice, and above all, safe year 2016.