(A friendly welcome to the TF-CSIRT Steering Committee)

The 49th Meeting of the TF-CSIRT Community was held from 20th – 21st September 2016, kindly hosted by SWITCH in Zürich, Switzerland.  The meeting was co-located with a celebration of 20 years of SWITCH CERT, including a symposium.  SWITCH have provided a history of the work of SWITCH CERT over its lifetime, and the challenges of being a CERT team in this changing environment.

The impact of operating within Europe was a common theme within the discussions in Zürich.  Andrew Cormack reported on the impact of Net Neutrality and the net neutrality guidelines issued by the Body of European Regulators for Electronic Communications (BEREC).  Work by Jisc to highlight inconsistencies between the guidelines and BCP38 has led to a revision of the text within the guidelines, which is good news for national regulators promoting BCP38 as a standard.  More information can be found on Andrew’s excellent blog.

Miroslaw Maj from the Trusted Introducer team continued the “European” theme by talking about a TI initiative to gather more information about coordinated national CSIRT initiatives across Europe. Teams and groups are invited to send information to the TI team using the template outlined in Mirek’s presentation. Another proposal to the community came from Jiri Prusa from NIC.CZ in his presentation on the Connecting Europe Facility and how to finance CERTs / CSIRTs in Europe. Jiri described the CEF’s thematic call for supporting national/government CERTs and put forward a proposal for coordinating responses to the call, including the idea for funding pots to allow smaller / growing teams to have access to funds to cover travel costs to things like TF-CSIRT meetings.  Anyone interested in participating should contact Jiri.

September was also the time for voting in the TF-CSIRT meetings.  A trial of the Trusted Introducer Response test, which tests the responsiveness of TI teams to emails, has been underway for some time, and in Zürich members voted to make this a formal part of the Trusted Introducer framework with a SHOULD recommendation for team participation.  The meeting also saw some changes to the TF-CSIRT Steering Committee – with Baiba Kaskina confirmed as Chair of the SC for a second period and Vladimir Bobor welcomed back for his second term on the committee.  Zuzana Duračinská was successfully elected as a new member of the committee, and we thanked Daniel Röthlisberger for his term on the committee as he moves on to a new team.  Finally, the community was asked to consider the recent work by FIRST to create a consolidated version of the Traffic Light Protocol and its release.  There was strong support from the meeting for TF-CSIRT to actively support this new version, and an announcement on this will be forthcoming.  The results of all votes can be tracked on the TF-CSIRT website.

TF-CSIRT continued its pragmatic technical focus with updates from CIRCL on the Analysis Information Leak framework (AIL), an update on how CERT-CDCFR is using Splunk to detect and respond to cyber-attacks, and a presentation from Orange Polska on the Orange CyberShield initiative, which looks at providing a holistic approach to managing threats from detection through to mitigation.

The 49th meeting also hosted a side-meeting in the form of a role-playing exercise thanks to the REFEDS Sirtfi initiative.  Sirtfi aims to create a framework for incident response within the world of identity federations and in turn bring the roles of federation management and incident response closer together.

The meeting ended with a wonderful dinner of spaghetti fun, thanks to our SWITCH hosts, and a welcome to join both TF-CSIRT and FIRST for the joint January meeting in Valencia from 23-25 January 2017.

Delegates enjoying “Spaghetti Fun” in Zürich.