Academic journal article Federal Communications Law Journal

Are Cyber Security Incident Response Teams (CSIRTs) Redundant or Can They Be Relevant to International Cyber Security?

Article excerpt

TABLE OF CONTENTS

I. INTRODUCTION
II. THE CYBER SECURITY INCIDENT LANDSCAPE
III. HISTORICAL BACKGROUND AND THE EMERGENCE OF CSIRTS
IV. LEGAL AND PRACTICAL OBSTACLES THAT LIMIT INFORMATION SHARING
V. RE-CONCEPTUALIZATION OF CSIRTS: EMERGENCY RESPONSE
   A. History of the International Red Cross and Red Crescent Movement (Movement) and Its Components
   B. Lessons for CSIRTs
VI. CONCLUSION

I. INTRODUCTION

Cyber security incidents can have severe consequences for individuals, businesses and states. The scope of the problem is expanding as adversaries develop increasingly sophisticated cyber tools and techniques. (1) Moreover, the scale of the problem is growing with increased interdependency. (2) Given the cross-border nature of cyberattacks, international cooperation is critical to prevent and respond to incidents. (3) A key response to cybersecurity incidents has been Cybersecurity Incident Response Teams ("CSIRTs"). A CSIRT is "a service organization that is responsible for receiving, reviewing and responding to computer security incident reports and activity." (4) CSIRTs traditionally served as intermediaries "between benign identifiers, who reported vulnerabilities, and software users" and disseminated vulnerability information. (5) However, CSIRTs face legal and practical challenges to their continuing existence. CSIRTs do not have a clear mandate: their role and relationship with the state, other CSIRTs operating within the state, and international actors are unclear, and national laws impede the ability of CSIRTs to share data. (6) Moreover, the information collected and shared may be inaccurate due to underreporting and inconsistencies. Trust and cooperation are also impeded by the commodification of vulnerabilities, state perceptions of cyberspace as a new threat domain, the expansion of the CSIRT community, and the advent of a "cyber regime complex." (7)

This paper examines the constitutive statutes of the International Red Cross and Red Crescent Movement ("Movement") and proposes that the role of actors in cybersecurity and CSIRT landscapes and CSIRTs be reconceptualized by adopting Movement functions and components. The first section of this paper will provide background on the cyber security incident landscape, explaining the nature and scope of the problem. The second section will provide background information on the global CSIRT network by describing the historical and current roles and responsibilities a CSIRT assumes and exploring current cooperation, collaboration, and information-sharing efforts. The third section will focus on the legal and practical obstacles that limit information sharing. The fourth section explores emergency response mechanisms to humanitarian crises and considers whether CSIRTs can be re-conceptualized. The paper concludes with the following recommendations: (1) that the Forum for Incident Response and Security Teams ("FIRST") serve as an umbrella organization responsible for providing information, support, and coordination between CSIRTs; (2) that States support National CSIRTs ("NCSIRTs") by enacting legislation that clearly defines the mandate of CSIRTs and their relationship with other actors and allocate resources for CSIRTs; and (3) that NCSIRTs assist victims and contribute to the community by assisting in the development of other CSIRTs. This will enable CSIRTs to coordinate the response to cyber security incidents at a global level.

II. THE CYBER SECURITY INCIDENT LANDSCAPE

Cybersecurity incidents can have severe consequences for individuals, businesses, and States. Individuals may suffer financial loss through phishing or devastating psychological effects as occurred in the suicides associated with the leak of Ashley Madison customer details. …
