Forum of Incident Response and Security Teams explained

Forum of Incident Response and Security Teams
Formation:August 7, 1995
Abbreviation:FIRST.org
Type:501(c)(3) not-for-profit public charity
Headquarters:Cary, North Carolina
Leader Title:Chair of the board
Leader Name:Tracy Bills
Founded Date:1989
Num Members:750+ organizations from more than 110 countries

The Forum of Incident Response and Security Teams (FIRST) is a global forum of incident response and security teams.[1] They aim to improve cooperation between security teams on handling major cybersecurity incidents. FIRST is an association of incident response teams with global coverage.[2]

The 2018 Report of the United Nations Secretary-General's High-Level Panel on Digital Cooperation noted FIRST as a neutral third party which can help build trust and exchange best practices and tools during cybersecurity incidents.[3]

History

FIRST was founded as an informal group by a number of incident response teams after the WANK (computer worm) highlighted the need for better coordination of incident response activities between organizations, during major incidents.[4] It was formally incorporated in California on August 7, 1995, and moved to North Carolina on May 14, 2014.[5]

Activities

In 2020, FIRST launched EthicsFIRST, a code of Ethics for Incident Response teams.[6]

Annually, FIRST offers a Suguru Yamaguchi Fellowship, which helps incident response teams with national responsibility gain further integration with the international incident response community.[7] It also maintains an Incident Response Hall of Fame, highlighting individuals who contributed significantly to the Incident Response community.[8]

FIRST maintains several international standards, including the Common Vulnerability Scoring System, a standard for expressing impact of security vulnerabilities;[9] the Traffic light protocol for classifying sensitive information;[10] and the Exploit Prediction Scoring System, an effort for predicting when software vulnerabilities will be exploited.[11]

FIRST is a partner of the International Telecommunication Union[12] (ITU) and the Department of Foreign Affairs and Trade of Australia on Cybersecurity.[13] The ITU co-organizes with FIRST the Women in Cyber Mentorship Programme, which engages cybersecurity leaders in the field, and connects them with women worldwide.[14]

Together with the National Telecommunications and Information Administration, FIRST also publishes guidelines for multi-party vulnerability disclosure, in scenarios such as the Heartbleed vulnerability in OpenSSL.[15]

In 2019, the Wall Street Journal reported Huawei Technologies Co. had been suspended from the Forum of Incident Response and Security Teams due to changes to US technology export restrictions.[16] In 2017, a NATO-style coalition of 41 states, including all Gulf Cooperation Council states, intended to work closely with FIRST to heighten levels of cybersecurity cooperation.[17]

Internet governance implications

In his study of Internet Governance, Joseph Nye identified FIRST as an "incident response regime", supporting global cyber activities.[18]

Political scientists focused on international security have considered organizations such as FIRST to be transparency and confidence-building measures in cyberspace, "elements of international policy that reduce threats, build trust, and make relationships between states more predictable".[19]

The FIRST community has also been considered an example of "science diplomacy", as its technical community offers a means of navigating tensions in a way political actors re not able to.[20]

Notes and References

  1. Web site: Forum of Incident Response and Security Teams.
  2. Web site: GUIDANCE FOR IMPROVING THE COMPARABILITY OF STATISTICS PRODUCED BY COMPUTER SECURITY INCIDENT RESPONSE TEAMS CSIRTs).
  3. Web site: The age of digital interdependence.
  4. Trusting Infrastructure: The Emergence of Computer Security Incident Response. Technology and Culture . 2020 . 61 . 1 . 173–206 . 10.1353/tech.2020.0036 . Slayton . Rebecca . Clarke . Brian . 32249219 . 214808905 . free .
  5. Web site: North Carolina Secretary of State Search Results. 2021-12-24. www.sosnc.gov.
  6. Web site: FIRST launches new code of ethics for incident response and security teams on Global Ethics Day. 2022-01-01. www.securitymagazine.com. en.
  7. News: 2017-06-13. FIRST conference focuses on handling security breaches. 2022-01-05. News Is My Business. en-US.
  8. Web site: Ian Cook and Don Stikvoort receive Incident Response Hall of Fame awards. 2022-01-05. www.securitymagazine.com. en.
  9. Web site: What is the CVSS (Common Vulnerability Scoring System)?. 2022-01-01. SearchSecurity. en.
  10. Web site: Darley. Trey. Schreck. Thomas. 2018-02-12. Why is Cyber Threat Intelligence Sharing Important?. 2022-01-01. Infosecurity Magazine.
  11. Web site: Pompon. Raymond. 2021-10-12. Prioritizing Vulnerability Management Using Machine Learning. 2022-01-05. F5 Labs. en.
  12. Web site: First. 2021-12-23. ITU. en-US.
  13. Web site: Forum of Incident Response and Security Teams. 2022-01-01. Australian Government Department of Foreign Affairs and Trade. en.
  14. Web site: Women in Cyber Mentorship Programme. 2022-01-03. ITU. en-US.
  15. Web site: 2020-05-18. FIRST updates guidelines for multi-party vulnerability disclosure. 2022-01-03. The Daily Swig Cybersecurity news and views. en.
  16. News: Isaac. Anna. 2019-09-18. WSJ News Exclusive Huawei Suspended From Global Forum Aimed at Combating Cybersecurity Breaches. en-US. Wall Street Journal. 2022-01-01. 0099-9660.
  17. Web site: Seener. Barak. Trump's Saudi pivot is a golden opportunity in terror fight. 2022-01-01. CNN. 8 June 2017 .
  18. Nye. Joseph S.. 2014. The Regime Complex for Managing Global Cyber Activities. Global Commission on Internet Governance. en-US.
  19. Web site: Baseley-Walker. Ben. Transparency and confidence-building measures in cyberspace: towards norms of behaviour.
  20. Tanczer. Leonie Maria. Brass. Irina. Carr. Madeline. 2018. CSIRTs and Global Cybersecurity: How Technical Experts Support Science Diplomacy. Global Policy. en. 9. S3. 60–66. 10.1111/1758-5899.12625. 158740054 . 1758-5899. free.