TF-CSIRT is turning 20!
And who is best to tell the story than those who lived it? To mark this special occasion, we have reached out to some of the most notable members of the community, who have contributed to TF-CSIRT as we know it today and asked them to share their memories and visions for the future.
First TF-CSIRT meeting: Paris, 2000
Favourite TF-CSIRT locations: Malaga, Greek islands, Tallinn
Klaus-Peter Kossakowski is an irreplaceable member of the TF-CSIRT community, it is hard to imagine a meeting without KPK being present. He has been here from the beginning when the European National Research and Education Network CSIRTs started getting together and figuring out how to best work together in the early 90s. Klaus-Peter represents the German NREN DFN but also leads Presecure, the current provider of the Trusted Introducer service. Last year, Klaus-Peter became the inaugural winner of the Incident Response Hall of Fame. He has really – truly – seen it all. So we absolutely had to ask him to remember how it all began.
“I had no idea that we would be sitting here in 20 years from that time. I knew something was important. It was good, it felt good. If you would have asked me this question in Paris I would have said: No, no way, 20 years? Are you kidding?”Klaus-Peter Kossakowski
“It was becoming more and more obvious that the people shared the same vision that there are some tasks that needed to be done by all teams and then slowly we recognised that it could be done by some for all”, remembers Klaus-Peter. “Before we had the EuroCERT project (which failed) and it was obvious that there would not be a European CSIRT for a while and still 20 years back some people thought that it would be there by now but it isn’t”.
Klaus-Peter thinks that the first official TF-CSIRT meeting in Paris 20 years ago was crucial. The group of CSIRT professionals was growing, but there was no structure or regular services. He says that although this is an “ugly word”, but at the Paris meeting the group of volunteers became “institutionalised” – “there was an expectation that this should be a regular thing and not left to disappear again”.
At around the same time, the idea of Trusted Introducer came up. “The first name we worked with was ‘Trust Broker’, but then we thought – we cannot trade trust”, says Klaus-Peter. Trusted Introducer was meant for “having people, who are trusted by some, making introductions and facilitating the meeting and further interaction”. Klaus-Peter remembers that at the Paris meeting the exact TI portfolio was unclear. “But it was also clear that nobody had thought about that before, so then a process started to identify the things that cannot be done locally. The report was chartered and that report still is at the core of what we know as listing and accreditation. Certification was added 10 years later. Klaus-Peter remembers that at the beginning, “everyone said: no, we don’t need certification. Nobody would be able to certify”. 20 years later, there are 34 certified teams and the number is growing faster than ever before.
This year, certification became more challenging because it was impossible to travel. However, Klaus-Peter does not think that it was very negative: “to some degree, it has improved the collaboration and the pick-up of knowledge, because you don’t have a single day, but you are working more continuously together and also you have more time to develop ideas, to raise an issue and to check a few weeks later how they have adopted and if there are further questions”.
Klaus-Peter is positive that the community will deal with the contemporary challenges, because the community is stable. “I trust the teams to get over this and to find solutions. And all I have seen has proven that”.
LISTEN TO THE FULL CONVERSATION HERE: