What is a CSIRT and how can it help me?

Back to News

With the COVID-19 outbreak, many SMEs, businesses and citizens had to make a giant leap into the online world. Europeans can count on more than 500 Computer Incident Response Teams (CSIRT) to respond to cyber security incidents and attacks and, since 2017, on the CSIRTs Network. Learn more about what is CSIRT and how it can help you.

With the COVID-19 outbreak, many SMEs and businesses had to make a giant and fast leap into remote working, completely relying on the Internet for their business models. This means facing everyday a new kind of cyber threat by enabling employees to work online from home, buy and sell goods online and rely on virtual meetings for everyday decisions. Citizens are also heavily depending on the Internet to maintain contact with other workers and their loved ones, stream content and news, use e-health services, online shopping, schooling and every other activity that has been moved online. Even if far away, we have never been so close.

There are currently more than 500 Computer Incident Response Teams (CSIRT) in Europe covering the needs of large companies, SMEs, private citizens, governments, research and education institutions. These teams are at the front line to respond to cyber security incidents and attacks. ENISA offers an interactive map of currently known Computer Security Incident Response Teams (CSIRTs): the CSIRTs Map. This tool can help  identify the right team for businesses and consumers facing cyber incidents and attacks and dealing with this giant leap into working from home.

Moreover, since 2017, European Union Member States have established a new and unique level of EU cooperation in case of large scale and cross border cyber security incidents: the CSIRTs Network. The first piece of cybersecurity legislation in the EU, known as the NIS Directive, established the CSIRTs Network, which is composed of incident response teams appointed by the Member States and the EU institutions. These teams are responding to cybersecurity incidents in each Member State and work together to protect EU citizens and businesses. During these difficult times for the Union, the CSIRTs Network members continuously exchange cybersecurity related information, which may affect European business and citizens. The Network is ready to respond to COVID-19 related cyber threats. A weekly report to the EU and MS higher levels/and their constituencies is produced by the Network, providing summaries and recommendations on how to face the cyber threats related to the outbreak.

The goal of the CSIRTs Network is to enable its member to cooperate, exchange info on cyber threats, improve the handling of cross border cyber incidents and respond in a coordinated manner to a situation like the one we are facing today. The CSIRTs Network objective is to provide the highest level of incident response in Europe. In case you do not know already the CSIRTs Network member for your country, please visit the dedicated website CSIRTs Network and check out your appointed CSIRTs Network member website, where you can find information and advisories on how to deal with COVID19 related cyber threats in your national languages.

In case your company wants to set up an incident response team, since 2004, ENISA has been supporting the Incident Response community to build and advance capabilities by providing capacity-building opportunities and by publishing over 70 dedicated studies and practices. You can find all them on the ENISA website under the Publication section together with more than 40 dedicated trainings free for download and use covering four main areas: Technical, Operational, Setting up a CSIRT and Legal & Cooperation. The goal is to support EU Member States and businesses to protect the Digital Single Market, raise the next generation of cybersecurity professionals, improve national incident response capabilities and help operators of essential services, digital services providers and businesses to prevent incidents and protect assets in their networks.

In case your company already has an incident response team, you can assess where it is and how it can further advance by using the ENISA CSIRT maturity assessment model and evaluation methodology with the online tool: CSIRT Maturity - Self-assessment Tool. The team can also join the Reference Security Incident Taxonomy Working Group, a community effort to create a common language to exchange data regarding cyber security incidents. So please make use of ENISA resources to foster better cooperation and information sharing and work with us for stronger cybersecurity incident response in Europe.

Further information:

ENISA - CSIRT Services section

ENISA - CSIRTs and communities section

ENISA - CSIRTs in Europe section

For more question you can contact