In this paper, we examine the history, types, and culture of Computer Security Incident Response Teams (CSIRTs). Some CSIRT practitioners and policy-makers have differing views of what a national CSIRT should be, how it should operate, where it should be situated, and how it should relate to the rest of the computer security incident response network within its country. This brief is intended to provide a short history and overview of the culture of CSIRTs in order to help build a common understanding before examining some of the critical issues in greater depth in subsequent publications.
This brief is the first study in a series of papers on CSIRTs. The subsequent studies will shed light on recent and current trends in cybersecurity policy that relate to CSIRTs, embed CSIRTs in the broader cybersecurity discussion, look at how and when the principles of the CSIRT community coincide or conflict with other policy objectives and the relevance for cybersecurity, and examine ways to increase the cooperation and effectiveness of the global network of CSIRTs.
This paper is part of a joint project by New America and the Global Public Policy Institute (GPPi) called "Transatlantic Dialogues on Security and Freedom in the Digital Age." For more on the project, visit: www.digitaldebates.org.