News
In focus: Status report 2012 on Computer Emergency Response Teams baseline capabilities launched by EU Agency ENISA
December 2012 by Marc Jacob
The EU’s cyber security agency ENISA has launched two new reports: 1. The Status Report 2012 for CERTs which provides a state-of-play overview of national/governmental CERTs’ capabilities (n/g CERTs) and concludes that the key challenge is the diversity of capabilities across Member States in Europe. 2. The accompanying report on updated recommendations for n/g CERTs addresses remaining gaps and shortcomings.
The need for a functional network of n/g CERTs in Europe by the end of 2012 was established in several EU documents (Digital Agenda for Europe/EU’s Internal Security Strategy/the CIIP Communication). The Status Report 2012 states that the key obstacle to cross-border cooperation and incident response is the diversity of capabilities across Member States. Some teams do not have an ‘adequate level of maturity’ compared with the teams in other Member States. Four baseline capabilities constitute the focus of the report:
Excerpts of key findings for n/g CERTs;
Mandate & strategy:
– Most n/g CERTs have a clear role and mandate, yet the details and form vary greatly across the EU.
– A great deal of work needs to be done regarding the proper inclusion of n/g CERTs in national cyber-security strategies; presently, less than 50% of the Member States have such strategies.
Service portfolio:
The scope of support depends on the type of constituent: key constituents (e.g. governmental bodies) receive the complete service portfolio. The valuable cyber security expertise of n/g CERTs is also highly sought by law enforcement agencies and other stakeholders.
Operational capability:
More than 80% employ 6–8 full-time staff, which is the minimum level necessary for acceptable services. However, in smaller teams, staff have multiple roles, which is a barrier to specialisation. In particular, n/g CERTs report difficulties in hiring digital forensics and reverse engineering specialists.
Cooperation capability:
As large-scale cyber-incidents necessitates both national and international management, n/g CERTs are well anchored in international structures like (FIRST, TF-CSIRT, EGC, Trusted Introducer, APWG or ENISA workshops).
The Executive Director of ENISA, Professor Udo Helmbrecht, stated; “These two reports show that while great progress has been made in Europe recently, more work is necessary to bridge the different maturity levels of CERTs. The identified challenges: questions of clarity of governmental CERT roles and responsibilities, lack of funding and missing resources such as highly specialised IT, legal, and PR experts must be addressed. These challenges need to be resolved by many parties: legislators, CERT teams, cooperation partners and international organisations.”
For full reports:
