cto-cybersecurityforum-2010-steve purser

ENISA & The CERT Community Steve Purser Head of Technical Competence Department 17 June 2010

Upload: segughana

Post on 15-Nov-2014


Page 1: CTO-CybersecurityForum-2010-Steve Purser

ENISA & The CERT Community

Steve Purser

Head of Technical Competence Department

17 June 2010

Page 2: CTO-CybersecurityForum-2010-Steve Purser

Who are we?

The European Network & Information Security Agency (ENISA) was formed in 2004.

The Agency is a Centre of Expertise that supports the Commission and the EU Member States in the area of information security.

We facilitate the exchange of information between EU institutions, the public sector and the private sector.

Page 3: CTO-CybersecurityForum-2010-Steve Purser

Activities

The Agency’s principal activities are as follows:

Advising and assisting the Commission and the Member States on information security.

Collecting and analysing data on security practices in Europe and emerging risks.

Promoting risk assessment and risk management methods.

Awareness-raising and co-operation between different actors in the information security field.

Page 4: CTO-CybersecurityForum-2010-Steve Purser

Supporting The CERT Community

CERT is an acronym for Computer Emergency Response Team.

ENISA supports the Member States and other stakeholders to establish and operate CERTs by:

Providing help with the establishment of new CERTs.

Identifying good practice on how to operate CERTs.

Supporting training and exercises.

Recommending a set of “baseline capabilities” for national / governmental CERTs.

See: https://www.enisa.europa.eu/act/cert/

Page 5: CTO-CybersecurityForum-2010-Steve Purser

National / Governmental CERTs

National / governmental CERTs are of particular interest to ENISA due to their link with policy makers.

These CERTs play a major role in protection of CIIP in the Member States.

The EC CIIP Communication states that a “well functioning” national / governmental CERT in each Member State is mandatory.

Page 6: CTO-CybersecurityForum-2010-Steve Purser

Evolution (1)

National / Government CSIRTs in Europe 2005

National / Government CSIRTs in Europe spring 2010

Finland, France, Germany, Hungary, The Netherlands, Norway, Sweden, UK

PLANNED: Czech Republic, Cyprus, Iceland, Ireland, Greece, Luxembourg, Poland, Portugal, Slovakia

Outside EU: Most former Soviet Republics, South Africa

PLUS: Austria, Belgium, Bulgaria, Estonia, Italy, Latvia, Lithuania, Spain

Page 7: CTO-CybersecurityForum-2010-Steve Purser

Evolution (2)

The number of national / governmental CERTs is growing, but there are still gaps.

Capabilities of national / governmental CERTs still vary a lot among the Member States.

Cross-border cooperation among teams exists, but can be improved.

The level of responsibility and number of tasks assigned to CERTs is increasing.

http://www.enisa.europa.eu/act/cert/background/inv

Page 8: CTO-CybersecurityForum-2010-Steve Purser

WARPs

WARP is an acronym for Warning, Advice and Reporting Point.

Their main role is to facilitate the exchange of security-related information within the community.

ENISA believes that WARPs are an excellent alternative to CERTs for small, trusted communities of users with similar levels of expertise.

ENISA featured the WARP model in the European Information Sharing and Alert System (EISAS) feasibility study.

Page 9: CTO-CybersecurityForum-2010-Steve Purser

Good Practice Guides

ENISA helps CERTs to enhance their capabilities by developing good practice guides.

Examples include:

Setting-up and operating CERTs

Training, exercising and piloting of projects

Basic services like incident handling

Enhancing cross-border cooperation

Page 10: CTO-CybersecurityForum-2010-Steve Purser

Work To Date

2005: Stocktaking

2006: Setting up & Cooperation

2007: Support Operation, Quality Assurance

2008: CERT Exercises

2009: CERT Exercises Pilots

2010: CERT Baseline Capabilities

[…]

Page 11: CTO-CybersecurityForum-2010-Steve Purser

Example: CERT Establishment

Step-by-step description on how to establish a CERT.

Overall strategy for planning and setting up a CERT.

Developing the Business Plan.

Promoting the Business Plan.

Examples of operational and technical procedures (workflows).

CERT training.

Exercise: Producing an advisory.

Project Plan.

Page 12: CTO-CybersecurityForum-2010-Steve Purser

Example: CERT Exercise material

A student's version …

… a teacher's version …

… plus Live-DVDs …

… EXERCISE! Based on “real” life examples!

Page 13: CTO-CybersecurityForum-2010-Steve Purser

Example: CERT exercise pilots

Page 14: CTO-CybersecurityForum-2010-Steve Purser

Questions?