FIRST standards to clean up messy CERTs

The global gathering of incident responders FIRST is spearheading a global standards effort to reform and unify the operations of government and large enterprise computer emergency response teams (CERTs).

The Forum of Incident Response and Security Teams (FIRST) has tipped US$500,000 into the effort and has received backing from many national CERTs and governments including Australia, the US, Canada, and from Britain's new CERT.

FIRST director Peter Allor said at the Australian Information Security Association (AISA) conference last Friday that the framework would cover all operational aspects of national and large enterprise CERTs.

"Each CERT invents the way it will operate so they operate differently," Allor said.

"We put our hand up to do this and we received a lot of support."

There were no standard operating models for CERTs meaning many collected shared different kinds of data and used varied metrics. This created problems including with data classification with information-sharing between national CERTs, Allor told Vulture South.

In the past, sharing data among CERTs was often an ad-hoc affair, sometimes even conducted between individual staffers rather than CERT to CERT.

Allor said FIRST was well placed to lead the charge given its long history and large base of CERT members.

Security CERT bods from Japan, South America and the UK attended the recent inaugural FIRST conference where aspects of the initiative were discussed. ®