Forum of Incident Response and Security Teams

Abbreviation: FIRST.org
Formation: July 8, 1995
Type: 501(c)(3) not-for-profit public charity
Headquarters: Cary, North Carolina
Members: 650+ organizations from more than 100 countries
Chair of the board: Tracy Bills
Key people:
  • Tracy Bills, President
  • Chris Gibson, Executive Director
Website: www.first.org

The Forum of Incident Response and Security Teams (FIRST) is a global forum of incident response and security teams. It aims to improve cooperation between security teams on handling major cybersecurity incidents. [1] FIRST is an association of incident response teams with global coverage. [2]


The 2018 Report of the United Nations Secretary-General's High-Level Panel on Digital Cooperation noted FIRST as a neutral third party which can help build trust and exchange best practices and tools during cybersecurity incidents. [3]

History

FIRST was founded as an informal group by a number of incident response teams after the WANK computer worm highlighted the need for better coordination of incident response activities between organizations during major incidents. [4] It was formally incorporated in California on August 7, 1995, and moved to North Carolina on May 14, 2014. [5]

Activities

In 2020, FIRST launched EthicsFIRST, a code of ethics for incident response teams. [6]

Annually, FIRST offers a Suguru Yamaguchi Fellowship, which helps incident response teams with national responsibility gain further integration with the international incident response community. [7] It also maintains an Incident Response Hall of Fame, highlighting individuals who contributed significantly to the Incident Response community. [8]

FIRST maintains several international standards, including the Common Vulnerability Scoring System, a standard for expressing the impact of security vulnerabilities; [9] the Traffic Light Protocol for classifying sensitive information; [10] and the Exploit Prediction Scoring System, an effort for predicting when software vulnerabilities will be exploited. [11]

FIRST is a partner of the International Telecommunication Union [12] (ITU) and the Department of Foreign Affairs and Trade of Australia on Cybersecurity. [13] The ITU co-organizes with FIRST the Women in Cyber Mentorship Programme, which engages cybersecurity leaders in the field, and connects them with women worldwide. [14]

Together with the National Telecommunications and Information Administration, FIRST also publishes guidelines for multi-party vulnerability disclosure, in scenarios such as the Heartbleed vulnerability in OpenSSL. [15]

In 2019, the Wall Street Journal reported Huawei Technologies Co. had been suspended from the Forum of Incident Response and Security Teams due to changes to US technology export restrictions. [16] In 2017, a NATO-style coalition of 41 states, including all Gulf Cooperation Council states, intended to work closely with FIRST to heighten levels of cybersecurity cooperation. [17]

Internet governance implications

In his study of Internet Governance, Joseph Nye identified FIRST as an "incident response regime", supporting global cyber activities. [18]

Political scientists focused on international security have considered organizations such as FIRST to be transparency and confidence-building measures in cyberspace, "elements of international policy that reduce threats, build trust, and make relationships between states more predictable". [19]

The FIRST community has also been considered an example of "science diplomacy", as its technical community offers a means of navigating tensions in a way political actors are not able to. [20]

Related Research Articles

The United States Computer Emergency Readiness Team (US-CERT) is an organization within the Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA). Specifically, US-CERT is a branch of the Office of Cybersecurity and Communications' (CS&C) National Cybersecurity and Communications Integration Center (NCCIC).

National Cyber Security Division

The National Cyber Security Division (NCSD) is a division of the Office of Cyber Security & Communications, within the United States Department of Homeland Security's Cybersecurity and Infrastructure Security Agency. Formed from the Critical Infrastructure Assurance Office, the National Infrastructure Protection Center, the Federal Computer Incident Response Center, and the National Communications System, NCSD opened on June 6, 2003. The NCSD mission is to collaborate with the private sector, government, military, and intelligence stakeholders to conduct risk assessments and mitigate vulnerabilities and threats to information technology assets and activities affecting the operation of the civilian government and private sector critical cyber infrastructures. NCSD also provides cyber threat and vulnerability analysis, early warning, and incident response assistance for public and private sector constituents. NCSD carries out the majority of DHS’ responsibilities under the Comprehensive National Cybersecurity Initiative. The FY 2011 budget request for NCSD is $378.744 million and includes 342 federal positions. The current director of the NCSD is John Streufert, former chief information security officer (CISO) for the United States Department of State, who assumed the position in January 2012.

National Strategy to Secure Cyberspace

In the United States government, the National Strategy to Secure Cyberspace is a component of the larger National Strategy for Homeland Security. The National Strategy to Secure Cyberspace was drafted by the Department of Homeland Security in reaction to the September 11, 2001 terrorist attacks. Released on February 14, 2003, it offers suggestions, not mandates, to business, academic, and individual users of cyberspace to secure computer systems and networks. It was prepared after a year of research by businesses, universities, and government, and after five months of public comment. The plan advises a number of security practices as well as promotion of cyber security education.

The Korea Internet & Security Agency is the Ministry of Science and ICT's sub-organization dealing with the allocation and maintenance of South Korea's IPv4/IPv6 address space, Autonomous System Numbers, and the .kr country code top-level domain (ccTLD), and also responsible for the cybersecurity of the Internet within South Korea, and runs the Korea Computer Emergency Response Team Coordination Center, a.k.a. KrCERT/CC, for the private sector of the country. Other roles include but are not limited to, the promotion of safe Internet usage and Internet culture, detecting and analyzing malware/viruses on the web, privacy protection, operating root CA, education on Internet and cybersecurity, and various other cybersecurity issues.

A cybersecurity regulation comprises directives that safeguard information technology and computer systems with the purpose of forcing companies and organizations to protect their systems and information from cyberattacks like viruses, worms, Trojan horses, phishing, denial of service (DOS) attacks, unauthorized access and control system attacks. There are numerous measures available to prevent cyberattacks.

CERT Coordination Center

The CERT Coordination Center (CERT/CC) is the coordination center of the computer emergency response team (CERT) for the Software Engineering Institute (SEI), a non-profit United States federally funded research and development center. The CERT/CC researches software bugs that impact software and internet security, publishes research and information on its findings, and works with businesses and the government to improve the security of software and the internet as a whole.

Jeff Moss (hacker): American computer security expert

Jeff Moss, also known as Dark Tangent, is an American hacker, computer and internet security expert who founded the Black Hat and DEF CON computer security conferences.

International Multilateral Partnership Against Cyber Threats: United Nations-backed cybersecurity alliance

The International Multilateral Partnership Against Cyber Threats (IMPACT) is the first United Nations-backed cybersecurity alliance. Since 2011, IMPACT serves as a key partner of the United Nations' (UN) specialised agency for ICTs – the International Telecommunication Union (ITU).

Cyberattack: Attack on a computer system

A cyberattack is any offensive maneuver that targets computer information systems, computer networks, infrastructures, personal computer devices, or smartphones. An attacker is a person or process that attempts to access data, functions, or other restricted areas of the system without authorization, potentially with malicious intent. Depending on the context, cyberattacks can be part of cyber warfare or cyberterrorism. A cyberattack can be employed by sovereign states, individuals, groups, societies or organizations and it may originate from an anonymous source. A product that facilitates a cyberattack is sometimes called a cyber weapon. Cyberattacks have increased over the last few years. A well-known example of a cyberattack is a distributed denial of service attack (DDoS).

The cyber security community in the United Kingdom is diverse, with many stakeholder groups contributing to support the UK Cyber Security Strategy. The following is a list of some of these stakeholders.

CSIRT.CZ is a national CSIRT team operated by CZ.NIC. CSIRT.CZ's main task is to handle security incidents in computer networks operated in the Czech Republic.

National Cyber Security Centre (Ireland)

The National Cyber Security Centre (NCSC) is a government computer security organisation in Ireland, an operational arm of the Department of the Environment, Climate and Communications. The NCSC was developed in 2013 and formally established by the Irish government in July 2015. It is responsible for Ireland's cyber security, with a primary focus on securing government networks, protecting critical national infrastructure, and assisting businesses and citizens in protecting their own systems. The NCSC incorporates the Computer Security Incident Response Team (CSIRT-IE).

A threat actor, bad actor or malicious actor is either a person or a group of people that take part in an action that is intended to cause harm to the cyber realm including: computers, devices, systems, or networks. The term is typically used to describe individuals or groups that perform malicious acts against a person or an organization of any type or size. Threat actors engage in cyber related offenses to exploit open vulnerabilities and disrupt operations. Threat actors have different educational backgrounds, skills, and resources. The frequency and classification of cyber attacks changes rapidly. The background of threat actors helps dictate who they target, how they attack, and what information they seek. There are a number of threat actors including: cyber criminals, nation-state actors, ideologues, thrill seekers/trolls, insiders, and competitors. These threat actors all have distinct motivations, techniques, targets, and uses of stolen data. See Advanced persistent threats for a list of identified threat actors.

The National Cybersecurity and Communications Integration Center (NCCIC) is part of the Cybersecurity Division of the Cybersecurity and Infrastructure Security Agency, an agency of the U.S. Department of Homeland Security. It acts to coordinate various aspects of the U.S. federal government's cybersecurity and cyberattack mitigation efforts through cooperation with civilian agencies, infrastructure operators, state and local governments, and international partners.

AusCERT is a non-profit organisation founded in 1993, that provides advice and solutions to cybersecurity threats and vulnerabilities. The organisation covers their costs through member subscriptions, attendees to the annual AusCERT conference and service contracts.

TR-CERT

TR-CERT is an organization within the Information and Communication Technologies Authority (ICTA) which is the national regulatory authority of the Turkish electronic communication sector. It is responsible for the analysis and risk mitigation of large-scale cyber threats and vulnerabilities, communicating information regarding malicious cyber activities or possible vulnerabilities to computer security incident response teams (CSIRT) and the public.

Global Commission on the Stability of Cyberspace: Commission developing diplomatic norms limiting cyber-offense

The Global Commission on the Stability of Cyberspace was a multistakeholder Internet governance organization, dedicated to the creation of diplomatic norms of governmental non-aggression in cyberspace. It operated for three years, from 2017 through 2019, and produced the diplomatic norm for which it was chartered and seven others.

Operational collaboration is a cyber resilience framework that leverages public-private partnerships to reduce the risk of cyber threats and the impact of cyberattacks on United States cyberspace. This operational collaboration framework for cyber is similar to the Federal Emergency Management Agency (FEMA)'s National Preparedness System which is used to coordinate responses to natural disasters, terrorism, chemical and biological events in the physical world.

OIC Computer Emergency Response Team: Affiliated organ of the Organisation of Islamic Cooperation

The OIC Computer Emergency Response Team, commonly known as OIC-CERT, is a computer emergency response team and one of the 17 affiliated organs of the Organisation of Islamic Cooperation. Focused on global cybersecurity in the 27 member and non-member states, it is considered the world's third-largest computer emergency response team coordinated by the 27 countries. The OIC-CERT is primarily focused on providing emergency support in cyber resilience with global collaboration with its associated members and information security organizations. It also encourages member states to implement cybersecurity policies by their respective CERTs.

Azerbaijan Computer Emergency Response Team, officially known as Azerbaijan Government CERT, is a computer emergency response team of the Republic of Azerbaijan responsible for cybersecurity and gathering data concerning information technology. It operates under the Special Communication and Information Security State Service of the government of Azerbaijan. It collects data within its framework from relevant sources, including internet users, computer engineering groups, individuals or organizations and software developers. It coordinates with foreign countries for gathering and analysing data from cybersecurity incidents involving both software and hardware tools designed for the prevention of internet and computer security.

References

  1. "FIRST - ICANNWiki". icannwiki.org. Retrieved 2022-01-01.
  2. "OECD - GUIDANCE FOR IMPROVING THE COMPARABILITY OF STATISTICS PRODUCED BY COMPUTER SECURITY INCIDENT RESPONSE TEAMS".
  3. "The age of digital interdependence" (PDF).
  4. Slayton, Rebecca; Clarke, Brian (2020). "Trusting Infrastructure: The Emergence of Computer Security Incident Response". Technology and Culture. 61 (1): 173–206. doi:10.1353/tech.2020.0036. PMID 32249219. S2CID 214808905.
  5. "North Carolina Secretary of State Search Results". www.sosnc.gov. Retrieved 2021-12-24.
  6. "FIRST launches new code of ethics for incident response and security teams on Global Ethics Day". www.securitymagazine.com. Retrieved 2022-01-01.
  7. "FIRST conference focuses on handling security breaches". News Is My Business. 2017-06-13. Retrieved 2022-01-05.
  8. "Ian Cook and Don Stikvoort receive Incident Response Hall of Fame awards". www.securitymagazine.com. Retrieved 2022-01-05.
  9. "What is the CVSS (Common Vulnerability Scoring System)?". SearchSecurity. Retrieved 2022-01-01.
  10. Darley, Trey; Schreck, Thomas (2018-02-12). "Why is Cyber Threat Intelligence Sharing Important?". Infosecurity Magazine. Retrieved 2022-01-01.
  11. Pompon, Raymond (2021-10-12). "Prioritizing Vulnerability Management Using Machine Learning". F5 Labs. Retrieved 2022-01-05.
  12. "First". ITU. Retrieved 2021-12-23.
  13. "Forum of Incident Response and Security Teams". Australian Government Department of Foreign Affairs and Trade. Retrieved 2022-01-01.
  14. "Women in Cyber Mentorship Programme". ITU. Retrieved 2022-01-03.
  15. "FIRST updates guidelines for multi-party vulnerability disclosure". The Daily Swig | Cybersecurity news and views. 2020-05-18. Retrieved 2022-01-03.
  16. Isaac, Anna (2019-09-18). "WSJ News Exclusive | Huawei Suspended From Global Forum Aimed at Combating Cybersecurity Breaches". Wall Street Journal. ISSN 0099-9660. Retrieved 2022-01-01.
  17. Seener, Barak (8 June 2017). "Trump's Saudi pivot is a golden opportunity in terror fight". CNN. Retrieved 2022-01-01.
  18. Nye, Joseph S. (2014). "The Regime Complex for Managing Global Cyber Activities". Global Commission on Internet Governance.
  19. Baseley-Walker, Ben. "Transparency and confidence-building measures in cyberspace: towards norms of behaviour" (PDF).
  20. Tanczer, Leonie Maria; Brass, Irina; Carr, Madeline (2018). "CSIRTs and Global Cybersecurity: How Technical Experts Support Science Diplomacy". Global Policy. 9 (S3): 60–66. doi:10.1111/1758-5899.12625. ISSN 1758-5899. S2CID 158740054.