New Light Shed on Capabilities in Energy & Healthcare

Back to News

A new report released today by the EU Agency for Cybersecurity (ENISA) showcases the product vulnerability management landscape, unveiling challenges faced by sectoral CSIRTs and PSIRTs.

Sectoral CSIRTs and PSIRTs in a nutshell

Europeans can count on more than 500 Computer Incident Response Teams (CSIRTs) and on the CSIRTs network to respond to cybersecurity incidents and attacks.

In addition to CSIRTs, Product Security Incident Response Teams (PSIRTs) have emerged more recently. Their role is to manage the vulnerabilities of a company’s products and services.

PSIRTs have been mostly developed in a heterogeneous way. For instance, while some of them are well developed and independent from the main Incident Response (IR) team of the host company, others belong to their Security Operations Centre (SOC) or are just part of the development team.

Why a report on CSIRTs and PSIRTs capabilities?

The Directive on Security of Network and Information Systems (NISD) adopted in 2016 provides legal measures to boost the level of cybersecurity in the EU. Both CSIRTs and PSIRTs are essential players in the global Incident Response (IR) ecosystem.

The study published today - PSIRT Expertise and Capabilities Development - provides recommendations on the role of PSIRTs in the IR setup of the Member States according to the NISD, specifically in the energy and health sectors.

ENISA had already explored in details the IR setup across all sectors of the NISD in a study published in 2019: “EU Member States incident response development status report”.

Sectoral PSIRTs as energy or healthcare ones may benefit from an aligned approach in terms of processes and collaboration to ensure legal compliance in relation to their business partners, clients and possibly Operators of Essential Services or other actors subject to EU cybersecurity regulation.

Target audience

Based on an extensive desk research and a survey addressed to 7 PSIRTs and 22 CSIRTs from 19 Member States, the report identifies 12 findings and discloses 9 recommendations addressed to:

  • Sectoral PSIRTs;
  • Sectoral CSIRTs;
  • Operators of Essential Services (OES);
  • Security Operations Centres.

What are the key findings & key recommendations?

The recommendations issued are based on an in-depth analysis of the following elements:

  • Organisation, processes & tools;
  • Collaboration;
  • Development & visibility.

The study highlights the following major challenges and related recommendations:

  1. Develop a clearer role and visibility of PSIRTs
     

    The exact role of PSIRTs or their specific activities are not always clear. Recommendations consist in developing communications with clients and encouraging stronger engagement with the Incident Reporting community through conferences and working groups.

    The development of standardised documents based on partner expectations in relation to PSIRT policies, procedures and services offered could help improve the understanding of the services, the visibility of the PSIRT team and facilitate the vulnerability reporting process.

  2. Improve cooperation among PSIRTs

    Challenges are identified in relation to effective cooperation among the different stakeholders of the vulnerability ecosystem such as PSIRTs, CSIRTs, national and/or sectoral CSIRTs, end clients and OES.

    Recommendations include the development of technical standards to improve interoperability, automation and processes in order to streamline the exchange of sensitive information. This would especially make sense in order to meet the requirement of early notification in case of vulnerability disclosure.

Find out about the other challenges and recommendations issued in the report published today.

Download the Report

How can ENISA help?

Generally, both emerging and established PSIRTs consider it necessary for ENISA to develop best practices, standards and harmonised certifications that PSIRTs could rely on to improve their efficiency.

Recommended actions include the publication of guidelines and general security guidance. At a more global level, the development of a high-level cooperation framework would help develop best practices and also facilitate exchanges among the different PSIRTs and other IR teams within the EU.

Further information

ENISA Leaflet - PSIRT Expertise and Capabilities Development

How to set up CSIRT and SOC – Good Practice Guide

Sectoral CSIRT Capabilities – Energy and Air Transport

Driving the Global Ecosystem of Incident Response Capabilities: New Studies Now Available

ENISA - CSIRT Services section

ENISA - CSIRTs and communities section

ENISA - CSIRTs in Europe section

Press Contact

For questions related to the press and interviews, please contact press (at) enisa.europa.eu.