The 57th TF-CSIRT meeting took place on 23 – 24 May 2019 in Esch-sur-Alzette, Luxembourg. Pre-meeting training events took place from 20 – 22 May 2019 in Luxembourg. The meeting was kindly hosted by RESTENA.
Thursday 23 May 2019
(Venue: University of Luxembourg )
PLEASE NOTE THAT THE MEETING WILL TAKE PLACE AT “Maison des Arts et des Étudiants“
|09:00 – 12:00||Various||TF-CSIRT Closed Meeting. Certified Teams, Accredited Teams and TI Associates only.|
|12:00 – 13:00||LUNCH|
|13:00 – 13:30||Baiba Kaskina, TF-CSIRT SC Chair||
Welcome and SC update, vote on changes to TI Associates.
|13:30 – 14:00||Benoît Roussille, European Commission||ATT&CK for internal hunting
|14:00 – 14:30||Klaus-Peter Kossakowski, Trusted Introducer||
How to protect email communication among CSIRTs? PGP, S/MIME, none?
|14:30 – 15:00||Sebastian Wagner, CERT.at||
Automated incident handling processes and the highlights of its recent 2.0 release.
|15:00 – 15:30||BREAK|
|15:30 – 16:00||Sigita Jurkynaite, GÉANT||
At the beginning of the year, a new phase of the GÉANT project (GN4-3) with a newly added Security work package kicked-off. Although there were various security topics across the project previously, it is only now that it was added as a separate activity with its division into 3 main areas – Business Continuity, Security Baselining and Products and Services. With an increasing focus on Security at NRENs, this new work package received a lot of support. It brings together 43 people from 19 different organisations, combining the expertise and skills from across the community.
|16:00 – 17:00||Various||Lightning Talks|
(Please sign up at RESTENA desk outside of the main meeting room!)
Friday 24 May 2019
(Venue: University of Luxembourg) “Maison des Arts et des Étudiants”
|07:00 – 08:00||Morning run||Meeting at the entrance of Maison du Savoir, Université de Luxembourg|
|09:30 – 09:40||Baiba Kaskina, TF-CSIRT SC Chair||Welcome|
|09:40 – 10:00||Carlos Friacas, FCCN||2019-03 RIPE Proposal (Resource Hijacking)
Address space hijacking happens almost everyday. It’s a worldwide problem, that serves a wide range of abuse related purposes. Hijackers also rely on legitimately obtained numbering resources, but if they don’t respect other people’s address space, why are they still part of the system? What can be done? We can influence policymaking. Anyone can. This work has already been started earlier this year in RIPE, LACNIC and ARIN — and it definitely needs support from people fighting abuse.
|10:00 10:30||Fabien Mathey, cases.lu||Risk Assessment Optimisation with MONARC
This presentation will briefly explain the MONARC method and platform, highlighting its contribution to the community: optimisations and the ability to easily share the information. Each of the presented optimisations and even the sharing part will reduce the amount of resources needed to perform a risk analysis. During the presentation a short live demo where each of the aforementioned optimisations and sharing will be demonstrated on a dedicated instance of MONARC.
|10:30 – 11:00||BREAK|
|11:00 – 11:30||Alexandre Dulaunoy, CIRCL||D4 Project|
|11:30 – 12:00||Klaus-Peter Kossakowski, Trusted Introducer||
This presentation will look at how to make use of the new CSIRT Services Framework.
|12:00 – 13:00||Panel||CSIRT Maturity: What is in it for me?|