Driving the Global Ecosystem of Incident Response Capabilities: New Studies Now Available

Back to News

The European Union Agency for Cybersecurity releases two studies to develop and support incident response teams, during the 12th meeting of the CSIRTs Network.

The 12th meeting of the CSIRTs Network, held earlier this week, was the opportunity for the European Union Agency for Cybersecurity to introduce the following two new guides dedicated to improving the work of incident response teams:

The event, hosted by the German Presidency of the Council of the European Union, gathered together CSIRTs Network Members (EU Member States’ appointed CSIRTs and CERT-EU ) to discuss operational cooperation capabilities in the EU as defined by the Network and Information Security Directive. 
 

The role of the CSIRTs Network is to provide a forum where the national and sectoral CSIRTs of all Member States and CERT-EU can cooperate, exchange information, and work on how to build trust. They are dedicated to the improvement of the way cross-border incidents are handled and how to respond in a coordinated manner to specific incidents. ENISA provides the secretariat of the CSIRTs Network and actively supports the cooperation between the members of the network and the organisation of their meetings.

What are the studies intended for?

Both studies are intended for incident response teams. The first one was conducted to investigate ways on how to establish and improve teams. The second one focusses on trends in Energy and Air Transport Incident Response (IR) and offers insights on current challenges and gaps.

How to set up CSIRT and SOC - Good Practice Guide

Cybersecurity threats are increasing and becoming more complex. One of the most effective ways to counter these threats is by creating a global ecosystem of computer security incident response teams (CSIRTs) and security operations centres (SOCs).

The purpose of this ecosystem is to facilitate communication, the sharing of information in order to respond to cyber-threats effectively. This can be achieved by providing relevant frameworks while increasing the number of CSIRTs and SOCs around the world and developing the maturity of existing CSIRTs and SOCs.

ENISA is assisting EU Member States with their incident response capabilities by providing them with various resources, such as documents, tools, materials and guidance. More than 40 teams from all over the world contributed to the content of the study.

Methodology

The study developed on a results-driven approach. It is presented with a structure meant to provide guidance on the different stages of the establishment of a CSIRT or SOC organization. The reader will be guided on what to focus on at each stage of the process such as establishment and improvement.

This publication will be of specific interest to those who intend to establish a CSIRT or SOC. It will also help those looking for guidance on possible improvements according to the different types of CSIRTs and SOCs already created and functioning today. The guide builds on the existing work of ENISA, especially in the areas of maturity and training.

Sectoral CSIRT capabilities - Status and Development in the Energy and the Air Transport sector

Digital infrastructure, Information and Communication Technologies are critical to our societies and economies. Both Energy and Air Transport sectors face considerable threats with potentially disastrous financial and societal consequences. This is why they require solid Incident Response Capabilities (IRC).

Both sectors come with large supply chains and a multiplicity of stakeholders (Public authorities, Regulators, Professional associations, large industries, SMEs, etc.). They have, in recent years, taken steps to structure and strengthen their ability to face cyber threats and to respond to cyber incidents. The creation of ISACs to encourage information-sharing at the sectoral level is an excellent illustration of this evolution.

Context and scope of the study

This publication provides a continuation of the work on Sectoral IRC at European level following the publication of the 2019 “EU Member States incident response development status report”.

By providing an extensive analysis of the recent changes and evolutions of IR capabilities (IRC) within Air Transport and Energy sectors in the Member States, the study aims to increase the understanding and knowledge of IRC development under today’s circumstances. To that effect, the study was conducted in the light of the recent changes related to the Covid-19 pandemic and in the context of the upcoming revision of the NIS Directive.

Recommendations

The study is presented as a snapshot of the current situation in the area. General recommendations are provided around capabilities, regulations and collaboration. In particular, The study highlights a total of eight key findings on topics like establishment and organization of sectorial CSIRTs, specific services and competencies offered by such CSIRTs, tools and information sharing mechanisms used as well as challenges faced.

Further Information
 

CSIRTs Network website

Topic - CSIRTs Servicies

Topic - CSIRTs and communities

Contacts

For question related to CSIRT CSIRT-Relations@enisa.europa.eu

For questions related to the press and interviews, please contact press (at) enisa.europa.eu