It’s been two years since the TF-CSIRT Steering Committee developed the first TF-CSIRT Strategy at a retreat by the Swiss lakes, so we thought it would be a good idea to check in and see how well we are meeting our goals. The strategy identified 7 areas for development for TF-CSIRT:
- improve TF-CSIRT governance,
- leverage community knowledge,
- champion the prestige and visibility of TF-CSIRT,
- develop a future business and financial model,
- improve face to face engagement,
- improve internal organizational processes,
- safeguard and enhance the trusted infrastructure’s maturity processes.
Various activities have been led by TF-CSIRT Steering Committee members to achieve these goals…but how successful have we been?
Improve TF-CSIRT governance
To support better governance, the Steering Committee created an overviewof what it takes to be part of the committee to help future members understand the requirements. The TF-CSIRT SC is a very active group with a high commitment level, and we wanted to make it clear to future members how they can be involved and the benefits of this community-led effort. We put forward a vote to extend the term for members and the number of members in the Steering Committee. This was implemented in theterms of reference and led to two additional members being appointed in September 2018. We also made a commitment to ensure there was a (short) Steering Committee update at every meeting. The inner workings of the organisation might not make the most inspiring presentations, but we feel it is important to give the whole community a sense of ownership of the process.
Leverage community knowledge
In this area, we have been focusing on developing the training portfolio. In 2018, a group of TRANSITS trainers and GÉANT staff attended a TRANSITS retreat in Portugal to rewrite TRANSITSI materials and prepare the materials for publishing under a Creative Commons license. The Legal Module and Technical Module have been completed and are published, with plans for the Organisational and Operational modules to be finished soon. We are also reviewing the topics covered by training and gaps that might exist, creating a list of groups we recommend for TRANSITS training and clarifying the copyright and permissions for TRANSITSII courses.
Another aim is to further develop the TF-CSIRT Working Groups. At the moment, TF-CSIRT supports the Reference Security Incident Taxonomy Working Group that meets alongside all TF-CSIRT meetings. There is scope and capacity to support more groups so if you have any suggestions, proposals or requirements please let us know!
Champion prestige and visibility
The Steering Committee has created a list of groups and fora that it wants to have a closer working relationship with and has invited several organizations to present at TF-CSIRT meetings. This has led to presentations from CERT/CC, the Internet Society and CCDCoE at recent meetings. The SC will continue to develop this approach and its relationships with other groups.
Develop a future business and financial model
This goal is being met by the work of the TF-CSIRT Futures Working Group and a review of the current legal arrangements for TF-CSIRT. More information can be found in the recent Request for Quotations (RFQ) issued for TF-CSIRT.
Improve face-to-face engagement
For this goal, the Steering Committee wanted to look at how the face-to-face meetings can better serve the needs of members. The importance of face-to-face is well established in our community, but how can we ensure that these meetings deliver the most we can for members? We set a KPI of having 80% of accredited teams attending meetings at least once annually. This is currently at 70% so we are on the way, but not quite hitting target at this stage. Team attendance will also be added to the Trusted Introducer database to make it easier for teams to track their own engagement.
An important factor for TF-CSIRT is to keep meetings affordable – recognising that many of the small and varied CSIRT teams we work with don’t necessarily have access to budgets for expensive meetings and difficult locations. TF-CSIRT has been lucky to find many host organisations, which enables us to keep the costs of meetings down for all our members, and works annually with FIRST to make the joint January meeting an affordable cost.
We’ve also been working on the content of meetings – the introduction of lightning talks has been popular with the community and we’ve been working with invited guests and experimenting with panels and other approaches to make the content engaging. This has been combined with adding training events alongside the meetings to give teams further opportunities to improve their skills.
Improve internal organizational processes
TF-CSIRT has a complicated structure combining three different operational approaches, three different budgets for TF-CSIRT, TRANSITS and Trusted Introducer and different organizations offering operational capacity for the group. This makes it difficult for the community to fully understand and it is complicated for new Steering Committee members to support. The Steering Committee has been working on better documenting roles and responsibilities and reviewing resource allocation and budget in each area. A new change request process has been established for Trusted Introducer to enable new features to be developed more easily and as mentioned above, a full review of TRANSITS is well under way.
Safeguard and enhance the maturity process
Team maturity and development has always been at the heart of the TF-CSIRT offer and continues to be of primary importance to the community. With this goal, the TF-CSIRT Steering Committee focused on making sure the current maturity processes were fit for purpose and proposed numerous updates to the community. This has led to a complete review of the Trusted Introducer Listing process, with improvements introduced to ensure that Listed team information remains valid and up-to-date. Accreditation requirements have also been reviewed and new goals were set for representatives and reaction tests. Material to better explain the importance of Listing was also developed, with a similar document for Accreditation on its way.
Overall, the Steering Committee has made good progress with the goals set for this iteration of the TF-CSIRT Strategy. The primary aims will remain in place, but the SC will be reviewing and setting new goals in each area in the upcoming months. If you have any suggestions or inputs for this review we would love to hear from you.