Photo by https://www.flickr.com/photos/liste1/: Creative Commons Attribution 2.0 Generic (CC BY 2.0).
The concept of “listed” teams has been built into the make-up of the Trusted Introducer service since it began. These are teams that have applied to be part of the TI team directory and have been supported in joining by 2 existing TI teams. Listing is free for all teams, and entitles the team to an entry in the database and access to the open sessions at TF-CSIRT meetings. Once a team has been accepted, the contact data of the newly registered team is made publicly available.
As part of the its ongoing commitment to review services and value for the community, the TF-CSIRT Steering Committee led a breakout discussion session at the 50th TF-CSIRT meeting in Valencia. The groups were asked a series of questions to probe whether the listing process was working for the community and if any changes should be made. The questions asked were:
- Should there be a time limit on the duration for listing?
- Should PGP keys be mandatory for listed teams?
- Should the name “listed” be changed?
- Should there be more restrictive requirements for listing?
- Should we keep listed teams?
- Should the directory be non-public?
- Should there be a fee for listing?
- Should there be more services for listed teams?
- Should accredited teams pay more to support listed teams?
- Should there be mandatory response testing?
- Should we exclude non-responsive teams and how do we better engage teams?
- What is the role of the listed team sponsor?
All of the breakout groups had very engaged discussions on the topics with a variety of views expressed. The outcomes of the discussions have been summarised and a draft set of recommendations prepared for discussion at the upcoming TF-CSIRT meeting. The full report is available for download.
Based on the discussion groups, the TF-CSIRT Steering Committee is making the following initial recommendations to the community:
- Listed teams should remain a service within the TF-CSIRT portfolio with no change to the name and with the same services offered to the teams as currently provided.
- A better definition of what is meant to be “listed” should be developed (possibly with more promotional-style material) and abuse of this definition should be monitored.
- Listed teams should be fully relisted after three years, including renewing the sponsorship stages.
- The TI database should remain fully public.
- Listed teams should participate in response testing at least once per year.
- Non-responsive teams should be flagged / greyed out on the TI database.
- Listed teams should be actively encouraged (required?) to attend the first TF-CSIRT meeting after their listing, and present their team.
- An enhanced role should be established for the sponsors – they should be listed on the team profile prominently, they should help encourage the team to attend meetings and participate in the community and they should be involved in trouble shooting problems with non-responsive teams.
The TF-CSIRT Steering Committee looks forward to feedback on these recommendations and implementing the improvements to ensure the Trusted Introducer services continues to grow with its community.