Forum of Incident Response and Security Teams

Last updated
Forum of Incident Response and Security Teams
AbbreviationFIRST.org
FormationAugust 7, 1995
Type501(c)(3) not-for-profit public charity
HeadquartersCary, North Carolina
Members750+ organizations from more than 110 countries [1]
Chair of the board
Tracy Bills
Key people
  • Tracy Bills, President
  • Chris Gibson, Executive Director
Website www.first.org

The Forum of Incident Response and Security Teams (FIRST) is a global forum of incident response and security teams. [2] They aim to improve cooperation between security teams on handling major cybersecurity incidents. FIRST is an association of incident response teams with global coverage. [3]

Contents

The 2018 Report of the United Nations Secretary-General's High-Level Panel on Digital Cooperation noted FIRST as a neutral third party which can help build trust and exchange best practices and tools during cybersecurity incidents. [4]

History

FIRST was founded as an informal group by a number of incident response teams after the WANK (computer worm) highlighted the need for better coordination of incident response activities between organizations, during major incidents. [5] It was formally incorporated in California on August 7, 1995, and moved to North Carolina on May 14, 2014. [6]

Activities

In 2020, FIRST launched EthicsFIRST, a code of Ethics for Incident Response teams. [7]

Annually, FIRST offers a Suguru Yamaguchi Fellowship, which helps incident response teams with national responsibility gain further integration with the international incident response community. [8] It also maintains an Incident Response Hall of Fame, highlighting individuals who contributed significantly to the Incident Response community. [9]

FIRST maintains several international standards, including the Common Vulnerability Scoring System, a standard for expressing impact of security vulnerabilities; [10] the Traffic light protocol for classifying sensitive information; [11] and the Exploit Prediction Scoring System, an effort for predicting when software vulnerabilities will be exploited. [12]

FIRST is a partner of the International Telecommunication Union [13] (ITU) and the Department of Foreign Affairs and Trade of Australia on Cybersecurity. [14] The ITU co-organizes with FIRST the Women in Cyber Mentorship Programme, which engages cybersecurity leaders in the field, and connects them with women worldwide. [15]

Together with the National Telecommunications and Information Administration, FIRST also publishes guidelines for multi-party vulnerability disclosure, in scenarios such as the Heartbleed vulnerability in OpenSSL. [16]

In 2019, the Wall Street Journal reported Huawei Technologies Co. had been suspended from the Forum of Incident Response and Security Teams due to changes to US technology export restrictions. [17] In 2017, a NATO-style coalition of 41 states, including all Gulf Cooperation Council states, intended to work closely with FIRST to heighten levels of cybersecurity cooperation. [18]

Internet governance implications

In his study of Internet Governance, Joseph Nye identified FIRST as an "incident response regime", supporting global cyber activities. [19]

Political scientists focused on international security have considered organizations such as FIRST to be transparency and confidence-building measures in cyberspace, "elements of international policy that reduce threats, build trust, and make relationships between states more predictable". [20]

The FIRST community has also been considered an example of "science diplomacy", as its technical community offers a means of navigating tensions in a way political actors re not able to. [21]

References

  1. "FIRST members".
  2. "Forum of Incident Response and Security Teams".
  3. "GUIDANCE FOR IMPROVING THE COMPARABILITY OF STATISTICS PRODUCED BY COMPUTER SECURITY INCIDENT RESPONSE TEAMS CSIRTs)".
  4. "The age of digital interdependence" (PDF).
  5. Slayton, Rebecca; Clarke, Brian (2020). "Trusting Infrastructure: The Emergence of Computer Security Incident Response". Technology and Culture. 61 (1): 173–206. doi: 10.1353/tech.2020.0036 . PMID   32249219. S2CID   214808905.
  6. "North Carolina Secretary of State Search Results". www.sosnc.gov. Retrieved 2021-12-24.
  7. "FIRST launches new code of ethics for incident response and security teams on Global Ethics Day". www.securitymagazine.com. Retrieved 2022-01-01.
  8. "FIRST conference focuses on handling security breaches". News Is My Business . 2017-06-13. Retrieved 2022-01-05.
  9. "Ian Cook and Don Stikvoort receive Incident Response Hall of Fame awards". www.securitymagazine.com. Retrieved 2022-01-05.
  10. "What is the CVSS (Common Vulnerability Scoring System)?". SearchSecurity. Retrieved 2022-01-01.
  11. Darley, Trey; Schreck, Thomas (2018-02-12). "Why is Cyber Threat Intelligence Sharing Important?". Infosecurity Magazine. Retrieved 2022-01-01.
  12. Pompon, Raymond (2021-10-12). "Prioritizing Vulnerability Management Using Machine Learning". F5 Labs. Retrieved 2022-01-05.
  13. "First". ITU. Retrieved 2021-12-23.
  14. "Forum of Incident Response and Security Teams". Australian Government Department of Foreign Affairs and Trade. Retrieved 2022-01-01.
  15. "Women in Cyber Mentorship Programme". ITU. Retrieved 2022-01-03.
  16. "FIRST updates guidelines for multi-party vulnerability disclosure". The Daily Swig | Cybersecurity news and views. 2020-05-18. Retrieved 2022-01-03.
  17. Isaac, Anna (2019-09-18). "WSJ News Exclusive | Huawei Suspended From Global Forum Aimed at Combating Cybersecurity Breaches". Wall Street Journal. ISSN   0099-9660 . Retrieved 2022-01-01.
  18. Seener, Barak (8 June 2017). "Trump's Saudi pivot is a golden opportunity in terror fight". CNN. Retrieved 2022-01-01.
  19. Nye, Joseph S. (2014). "The Regime Complex for Managing Global Cyber Activities". Global Commission on Internet Governance.
  20. Baseley-Walker, Ben. "Transparency and confidence-building measures in cyberspace: towards norms of behaviour" (PDF).
  21. Tanczer, Leonie Maria; Brass, Irina; Carr, Madeline (2018). "CSIRTs and Global Cybersecurity: How Technical Experts Support Science Diplomacy". Global Policy. 9 (S3): 60–66. doi: 10.1111/1758-5899.12625 . ISSN   1758-5899. S2CID   158740054.
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.