TF-CSIRT hosted its 56th meeting and its traditional joint January meeting with the FIRST Regional Symposium in Tallinn Estonia. Despite the snow, we welcomed over 260 participants to talk all things incident response. The full programme and presentations from the event can be found on the FIRST website.

Tallinn has long been the home of significant focus on innovation and security and we were lucky to be joined by Andrus Kaarelson, Director of State Information System in the duties of Director General, who shared lessons learnt on security and the Estonian eID. The local theme remained strong with Franz Lantenhammer and Silver Saks from NATO CCDCOE talking about their experiences with cyber exercises. Participants heard about the figures behind the #lockedshields exercise run by CCDOE: 4000 VMs, 1000 people, 25000 attacks, and 30 nations involved.

Tallinn provided the opportunity for many announcements from the TF-CSIRT community. We were proud to congratulate Telia CERT and, both of whom have completed Trusted Introducer (re)Certification.

Well done @ncsc_nl – successfully recertified— tfcsirt (@tfcsirt) 21 January 2019

Congratulations to @TeliaCompany Telia CERT on getting recertified!— tfcsirt (@tfcsirt) 21 January 2019

We were also happy to announce that the TF-CSIRT TRANSITS materials are now being made available under a Creative Commons license. The first of these materials are now available on the TF-CSIRT website and all other modules will be made available shortly. You can read more about the process for making these modules available on the TF-CSIRT blog.

The rest of the agenda including a large range of presentations – from a focus on the legal and ethical implications of IoT from RIPE NCC, an update from ENISA on supporting EU incident response capabilities to an update on how we can create a global CSIRT maturity framework. The agenda also provided strong technical content, with a look at information leak analysis, useful APIs for security work, malware analysis and lessons learnt from forensic lab work and tracking threat actors.

TF-CSIRT also featured its now well-known lightning talks. We don’t capture these on the programme agenda so if you would like to know more about the questions posed and issues addressed by our lightning talk speakers please take a look at our twitter stream! Highlights include introductions and contact details for many new teams and useful new tools for the community so don’t miss out.

With thanks to CERT-EE for hosting us in beautiful Tallinn and FIRST for co-hosting with us, we look forward to seeing you all in Luxembourg from 23rd – 24th May 2019 for the 57th TF-CSIRT meeting.