October is Cybersecurity Awareness Month in some regions — and ITU News is running a series of articles related to cybersecurity.
Baiba Kaskina, general manager of CERT.LV, the Latvian national and governmental CSIRT, talked to ITU News about cybersecurity preparedness in the EU.
CSIRT is a computer security incident response team. Another well-known term is CERT – computer emergency response team.
CERT teams are characterized by their constituency – who their customers are, for whom they are working, whom they are protecting. A CERT’s or CSIRT’s constituency can be its own organization (for example, a bank), its customers (e.g. an Internet service provider’s CSIRT), a government (governmental CSIRT) or the whole country (a national CSIRT). A CSIRT team can also be responsible for protecting critical infrastructure, a specific sector, military networks, etc.
CSIRT teams are crucial in responding to cyber threats no matter which constituency they are protecting. Different CSIRTs have different roles, but almost all of them are there to help the constituency if an incident happens: they assist in immediate response actions and later help to understand why the incident happened and what to do to prevent something similar happening in the future. CSIRTs also provide proactive services like awareness raising, promotion of best practices and penetration testing, among others.
In recent years, the role and significance of CSIRTs have grown. Not only are more and more CSIRT teams being created in various sectors, but CSIRTs are also officially addressed in the first EU-wide cybersecurity legislation – the Network and Information Security directive (NIS directive).
The NIS directive obliges all EU member states to create and adequately staff national CSIRT teams to be able to respond to cyber threats.
In Latvia, CERT.LV is the national and governmental CSIRT team, established in 2006 and working with its current mandate since 2011. The IT Security law in Latvia has been in force since 2010, and now only some updates will be required to implement the NIS directive. CERT.LV has been operational for more than 10 years and has gathered a lot of experience and trust from the constituency and community.
The team is close to 30 people and provides a very wide range of CSIRT services, including technical active and proactive services, educational and awareness raising activities, community building and collaboration, as well as other cybersecurity related services. There is also a military CSIRT in Latvia, MilCERT, whose role is to protect the national armed forces and Ministry of Defense. Both teams are funded by the Ministry of Defense.
TF-CSIRT – Task Force for Computer Security Incident Response Teams – is the regional, all-inclusive initiative with a European mindset, bringing together CSIRT teams from various sectors and fostering collaboration. For CSIRT teams, collaboration and trust are key elements, mandatory for successful incident response and information sharing.
There is a CSIRT directory containing information on CSIRTs in Europe which are part of TF-CSIRT. The directory also indicates the maturity level of each CSIRT.
As of September 2017, there are 315 CSIRT teams in the Trusted Introducer’s database, representing various sectors including academia, government, national CSIRTs, industry, critical infrastructure, ISPs, banks and other players. TF-CSIRT members collaborate on information sharing, tools development, courses and educational materials, and work on standards.
The Forum for Incident Response and Security Teams (FIRST) is the global CSIRT forum fostering worldwide collaboration among security teams. TF-CSIRT and FIRST collaborate closely on all relevant topics.
There is no single recipe to stay cyber safe or cyber aware. Some basic rules include:
• Don’t underestimate the importance of cyber security. Establish proper procedures, legislation and organizations or branches to address cyber threats of today’s environment.
• Find knowledgeable and skilled people who will be able to take care of your cyber security tools, procedures and processes.
• Establish adequate end users’ or employees’ awareness raising activities. End users are our first line of defense and they should be properly educated.
• Remember that it is very hard to measure the direct cost benefit of security procedures. You have to think of how much it will cost if an incident happens and your data and reputation are lost.