Forum of Incident Response and Security Teams

Abbreviation: FIRST.org
Formation: August 7, 1995
Type: 501(c)(3) not-for-profit public charity
Headquarters: Cary, North Carolina
Members: 750+ organizations from more than 110 countries [1]
Chair of the board: Tracy Bills
Key people:
  • Tracy Bills, President
  • Chris Gibson, Executive Director
Website: www.first.org

The Forum of Incident Response and Security Teams (FIRST) is a global forum of incident response and security teams. [2] It aims to improve cooperation between security teams on handling major cybersecurity incidents. FIRST is an association of incident response teams with global coverage. [3]

The 2018 Report of the United Nations Secretary-General's High-Level Panel on Digital Cooperation noted FIRST as a neutral third party which can help build trust and exchange best practices and tools during cybersecurity incidents. [4]

History

FIRST was founded as an informal group by a number of incident response teams after the WANK computer worm highlighted the need for better coordination of incident response activities between organizations during major incidents. [5] It was formally incorporated in California on August 7, 1995, and moved to North Carolina on May 14, 2014. [6]

Activities

In 2020, FIRST launched EthicsFIRST, a code of ethics for incident response teams. [7]

Annually, FIRST offers a Suguru Yamaguchi Fellowship, which helps incident response teams with national responsibility gain further integration with the international incident response community. [8] It also maintains an Incident Response Hall of Fame, highlighting individuals who contributed significantly to the Incident Response community. [9]

FIRST maintains several international standards, including the Common Vulnerability Scoring System, a standard for expressing impact of security vulnerabilities; [10] the Traffic light protocol for classifying sensitive information; [11] and the Exploit Prediction Scoring System, an effort for predicting when software vulnerabilities will be exploited. [12]

FIRST is a partner of the International Telecommunication Union (ITU) [13] and the Department of Foreign Affairs and Trade of Australia on Cybersecurity. [14] The ITU co-organizes with FIRST the Women in Cyber Mentorship Programme, which engages cybersecurity leaders in the field and connects them with women worldwide. [15]

Together with the National Telecommunications and Information Administration, FIRST also publishes guidelines for multi-party vulnerability disclosure, in scenarios such as the Heartbleed vulnerability in OpenSSL. [16]

In 2019, the Wall Street Journal reported Huawei Technologies Co. had been suspended from the Forum of Incident Response and Security Teams due to changes to US technology export restrictions. [17] In 2017, a NATO-style coalition of 41 states, including all Gulf Cooperation Council states, intended to work closely with FIRST to heighten levels of cybersecurity cooperation. [18]

Internet governance implications

In his study of Internet Governance, Joseph Nye identified FIRST as an "incident response regime", supporting global cyber activities. [19]

Political scientists focused on international security have considered organizations such as FIRST to be transparency and confidence-building measures in cyberspace, "elements of international policy that reduce threats, build trust, and make relationships between states more predictable". [20]

The FIRST community has also been considered an example of "science diplomacy", as its technical community offers a means of navigating tensions in a way political actors are not able to. [21]

Related Research Articles

Cybercrime: Type of crime based in computer networks

Cybercrime encompasses a wide range of criminal activities that are carried out using digital devices and/or networks. These crimes involve the use of technology to commit fraud, identity theft, data breaches, computer viruses, scams, and other malicious acts. Cybercriminals exploit vulnerabilities in computer systems and networks to gain unauthorized access, steal sensitive information, disrupt services, and cause financial or reputational harm to individuals, organizations, and governments.

National Cyber Security Division

The National Cyber Security Division (NCSD) is a division of the Office of Cyber Security & Communications, within the United States Department of Homeland Security's Cybersecurity and Infrastructure Security Agency. Formed from the Critical Infrastructure Assurance Office, the National Infrastructure Protection Center, the Federal Computer Incident Response Center, and the National Communications System, NCSD opened on June 6, 2003.

National Strategy to Secure Cyberspace

In the United States government, the National Strategy to Secure Cyberspace is a component of the larger National Strategy for Homeland Security. The National Strategy to Secure Cyberspace was drafted by the Department of Homeland Security in reaction to the September 11, 2001 terrorist attacks. Released on February 14, 2003, it offers suggestions, not mandates, to business, academic, and individual users of cyberspace to secure computer systems and networks. It was prepared after a year of research by businesses, universities, and government, and after five months of public comment. The plan advises a number of security practices as well as promotion of cyber security education.

The Korea Internet & Security Agency is the Ministry of Science and ICT's sub-organization dealing with the allocation and maintenance of South Korea's IPv4/IPv6 address space, Autonomous System Numbers, and the .kr country code top-level domain (ccTLD), and also responsible for the cybersecurity of the Internet within South Korea, and runs the Korea Computer Emergency Response Team Coordination Center, a.k.a. KrCERT/CC, for the private sector of the country. Other roles include but are not limited to, the promotion of safe Internet usage and Internet culture, detecting and analyzing malware/viruses on the web, privacy protection, operating root CA, education on Internet and cybersecurity, and various other cybersecurity issues.

A computer emergency response team (CERT) is an incident response team dedicated to computer security incidents.

A cybersecurity regulation comprises directives that safeguard information technology and computer systems with the purpose of forcing companies and organizations to protect their systems and information from cyberattacks like viruses, worms, Trojan horses, phishing, denial of service (DOS) attacks, unauthorized access and control system attacks. While cybersecurity regulations aim to minimize cyber risks and enhance protection, the uncertainty arising from frequent changes or new regulations can significantly impact organizational response strategies.

CERT Coordination Center

The CERT Coordination Center (CERT/CC) is the coordination center of the computer emergency response team (CERT) for the Software Engineering Institute (SEI), a non-profit United States federally funded research and development center. The CERT/CC researches software bugs that impact software and internet security, publishes research and information on its findings, and works with businesses and the government to improve the security of software and the internet as a whole.

Cyberethics: Ethics of online activities

Cyberethics is "a branch of ethics concerned with behavior in an online environment". In another definition, it is the "exploration of the entire range of ethical and moral issues that arise in cyberspace" while cyberspace is understood to be "the electronic worlds made visible by the Internet." For years, various governments have enacted regulations while organizations have defined policies about cyberethics.

EC-Council is a cybersecurity certification, education, training, and services company based in Albuquerque, New Mexico.

International Multilateral Partnership Against Cyber Threats: United Nations-backed cybersecurity alliance

The International Multilateral Partnership Against Cyber Threats (IMPACT) is the first United Nations-backed cybersecurity alliance. Since 2011, IMPACT serves as a key partner of the United Nations (UN) specialized agency for ICTs – the International Telecommunication Union (ITU).

There is no commonly agreed single definition of "cybercrime". It refers to illegal internet-mediated activities that often take place in global electronic networks. Cybercrime is "international" or "transnational" – there are "no cyber-borders between countries". International cybercrimes often challenge the effectiveness of domestic and international law, and law enforcement. Because existing laws in many countries are not tailored to deal with cybercrime, criminals increasingly conduct crimes on the Internet in order to take advantage of the less severe punishments or difficulties of being traced.

CSIRT.CZ is a national CSIRT team operated by CZ.NIC. CSIRT.CZ's main task is to handle security incidents in computer networks operated in the Czech Republic.

National Cyber Security Centre (Ireland)

The National Cyber Security Centre (NCSC) is a government computer security organisation in Ireland, an operational arm of the Department of the Environment, Climate and Communications. The NCSC was developed in 2013 and formally established by the Irish government in July 2015. It is responsible for Ireland's cyber security, with a primary focus on securing government networks, protecting critical national infrastructure, and assisting businesses and citizens in protecting their own systems. The NCSC incorporates the Computer Security Incident Response Team (CSIRT-IE).

The National Cybersecurity and Communications Integration Center (NCCIC) is part of the Cybersecurity Division of the Cybersecurity and Infrastructure Security Agency, an agency of the U.S. Department of Homeland Security. It acts to coordinate various aspects of the U.S. federal government's cybersecurity and cyberattack mitigation efforts through cooperation with civilian agencies, infrastructure operators, state and local governments, and international partners.

Basque Cybersecurity Centre

The Basque Cybersecurity Centre (BCSC) is the organization appointed by the Basque Government to promote cybersecurity in the Basque Country. It is made up of departments of the Basque Government and technology centres.

TR-CERT

TR-CERT is an organization within the Information and Communication Technologies Authority (ICTA) which is the national regulatory authority of the Turkish electronic communication sector. It is responsible for the analysis and risk mitigation of large-scale cyber threats and vulnerabilities, communicating information regarding malicious cyber activities or possible vulnerabilities to computer security incident response teams (CSIRT) and the public.

Global Commission on the Stability of Cyberspace: Commission developing diplomatic norms limiting cyber-offense

The Global Commission on the Stability of Cyberspace was a multistakeholder Internet governance organization, dedicated to the creation of diplomatic norms of governmental non-aggression in cyberspace. It operated for three years, from 2017 through 2019, and produced the diplomatic norm for which it was chartered and seven others.

OIC Computer Emergency Response Team: Affiliated organ of the Organisation of Islamic Cooperation

The OIC Computer Emergency Response Team, commonly known as OIC-CERT, is a computer emergency response team and one of the 17 affiliated organs of the Organisation of Islamic Cooperation. Focused on global cybersecurity in the 27 member and non-member states, it is considered the world's third-largest computer emergency response team coordinated by the 27 countries. The OIC-CERT is primarily focused on providing emergency support in cyber resilience with global collaboration with its associated members and information security organizations. It also encourages member states to implement cybersecurity policies by their respective CERTs.

Brunei Computer Emergency Response Team, commonly known as BruCERT, is a computer emergency response team and national cybersecurity organization of Brunei Darussalam. Affiliated with the OIC Computer Emergency Response Team, the Asia Pacific CERT (APCERT), Forum of Incident Response and Security Teams (FIRST) and other international organizations in the information technology sector, it is tasked with preventing, analysing, and maintaining cybersecurity in addition to serving as a national research centre for IT infrastructure in the country.

Agenzia per la Cybersicurezza Nazionale: Italian government body for cyber-security

The Agenzia per la Cybersicurezza Nazionale (ACN) is an Italian government agency established by decree 82 of 14 June 2021.

References

  1. "FIRST members".
  2. "Forum of Incident Response and Security Teams".
  3. "GUIDANCE FOR IMPROVING THE COMPARABILITY OF STATISTICS PRODUCED BY COMPUTER SECURITY INCIDENT RESPONSE TEAMS (CSIRTs)".
  4. "The age of digital interdependence" (PDF).
  5. Slayton, Rebecca; Clarke, Brian (2020). "Trusting Infrastructure: The Emergence of Computer Security Incident Response". Technology and Culture. 61 (1): 173–206. doi: 10.1353/tech.2020.0036. PMID 32249219. S2CID 214808905.
  6. "North Carolina Secretary of State Search Results". www.sosnc.gov. Retrieved 2021-12-24.
  7. "FIRST launches new code of ethics for incident response and security teams on Global Ethics Day". www.securitymagazine.com. Retrieved 2022-01-01.
  8. "FIRST conference focuses on handling security breaches". News Is My Business. 2017-06-13. Retrieved 2022-01-05.
  9. "Ian Cook and Don Stikvoort receive Incident Response Hall of Fame awards". www.securitymagazine.com. Retrieved 2022-01-05.
  10. "What is the CVSS (Common Vulnerability Scoring System)?". SearchSecurity. Retrieved 2022-01-01.
  11. Darley, Trey; Schreck, Thomas (2018-02-12). "Why is Cyber Threat Intelligence Sharing Important?". Infosecurity Magazine. Retrieved 2022-01-01.
  12. Pompon, Raymond (2021-10-12). "Prioritizing Vulnerability Management Using Machine Learning". F5 Labs. Retrieved 2022-01-05.
  13. "First". ITU. Retrieved 2021-12-23.
  14. "Forum of Incident Response and Security Teams". Australian Government Department of Foreign Affairs and Trade. Retrieved 2022-01-01.
  15. "Women in Cyber Mentorship Programme". ITU. Retrieved 2022-01-03.
  16. "FIRST updates guidelines for multi-party vulnerability disclosure". The Daily Swig | Cybersecurity news and views. 2020-05-18. Retrieved 2022-01-03.
  17. Isaac, Anna (2019-09-18). "WSJ News Exclusive | Huawei Suspended From Global Forum Aimed at Combating Cybersecurity Breaches". Wall Street Journal. ISSN 0099-9660. Retrieved 2022-01-01.
  18. Seener, Barak (8 June 2017). "Trump's Saudi pivot is a golden opportunity in terror fight". CNN. Retrieved 2022-01-01.
  19. Nye, Joseph S. (2014). "The Regime Complex for Managing Global Cyber Activities". Global Commission on Internet Governance.
  20. Baseley-Walker, Ben. "Transparency and confidence-building measures in cyberspace: towards norms of behaviour" (PDF).
  21. Tanczer, Leonie Maria; Brass, Irina; Carr, Madeline (2018). "CSIRTs and Global Cybersecurity: How Technical Experts Support Science Diplomacy". Global Policy. 9 (S3): 60–66. doi: 10.1111/1758-5899.12625. ISSN 1758-5899. S2CID 158740054.