Jump to content

Forum of Incident Response and Security Teams

From Wikipedia, the free encyclopedia
Forum of Incident Response and Security Teams
AbbreviationFIRST.org
FormationAugust 7, 1995
Type501(c)(3) not-for-profit public charity
HeadquartersCary, North Carolina
Members
750+ organizations from more than 110 countries [1]
Chair of the board
Tracy Bills
Key people
  • Tracy Bills, President
  • Chris Gibson, Executive Director
Websitewww.first.org

The Forum of Incident Response and Security Teams (FIRST) is a global forum of incident response and security teams.[2] They aim to improve cooperation between security teams on handling major cybersecurity incidents. FIRST is an association of incident response teams with global coverage.[3]

The 2018 Report of the United Nations Secretary-General's High-Level Panel on Digital Cooperation noted FIRST as a neutral third party which can help build trust and exchange best practices and tools during cybersecurity incidents.[4]

History

[edit]

FIRST was founded as an informal group by a number of incident response teams after the WANK (computer worm) highlighted the need for better coordination of incident response activities between organizations, during major incidents.[5] It was formally incorporated in California on August 7, 1995, and moved to North Carolina on May 14, 2014.[6]

Activities

[edit]

In 2020, FIRST launched EthicsFIRST, a code of Ethics for Incident Response teams.[7]

Annually, FIRST offers a Suguru Yamaguchi Fellowship, which helps incident response teams with national responsibility gain further integration with the international incident response community.[8] It also maintains an Incident Response Hall of Fame, highlighting individuals who contributed significantly to the Incident Response community.[9]

FIRST maintains several international standards, including the Common Vulnerability Scoring System, a standard for expressing impact of security vulnerabilities;[10] the Traffic light protocol for classifying sensitive information;[11] and the Exploit Prediction Scoring System, an effort for predicting when software vulnerabilities will be exploited.[12]

FIRST is a partner of the International Telecommunication Union[13] (ITU) and the Department of Foreign Affairs and Trade of Australia on Cybersecurity.[14] The ITU co-organizes with FIRST the Women in Cyber Mentorship Programme, which engages cybersecurity leaders in the field, and connects them with women worldwide.[15]

Together with the National Telecommunications and Information Administration, FIRST also publishes guidelines for multi-party vulnerability disclosure, in scenarios such as the Heartbleed vulnerability in OpenSSL.[16]

In 2019, the Wall Street Journal reported Huawei Technologies Co. had been suspended from the Forum of Incident Response and Security Teams due to changes to US technology export restrictions.[17] In 2017, a NATO-style coalition of 41 states, including all Gulf Cooperation Council states, intended to work closely with FIRST to heighten levels of cybersecurity cooperation.[18]

Internet governance implications

[edit]

In his study of Internet Governance, Joseph Nye identified FIRST as an "incident response regime", supporting global cyber activities.[19]

Political scientists focused on international security have considered organizations such as FIRST to be transparency and confidence-building measures in cyberspace, "elements of international policy that reduce threats, build trust, and make relationships between states more predictable".[20]

The FIRST community has also been considered an example of "science diplomacy", as its technical community offers a means of navigating tensions in a way political actors re not able to.[21]

References

[edit]
  1. ^ "FIRST members".
  2. ^ "Forum of Incident Response and Security Teams".
  3. ^ "GUIDANCE FOR IMPROVING THE COMPARABILITY OF STATISTICS PRODUCED BY COMPUTER SECURITY INCIDENT RESPONSE TEAMS CSIRTs)".
  4. ^ "The age of digital interdependence" (PDF).
  5. ^ Slayton, Rebecca; Clarke, Brian (2020). "Trusting Infrastructure: The Emergence of Computer Security Incident Response". Technology and Culture. 61 (1): 173–206. doi:10.1353/tech.2020.0036. PMID 32249219. S2CID 214808905.
  6. ^ "North Carolina Secretary of State Search Results". www.sosnc.gov. Retrieved 2021-12-24.
  7. ^ "FIRST launches new code of ethics for incident response and security teams on Global Ethics Day". www.securitymagazine.com. Retrieved 2022-01-01.
  8. ^ "FIRST conference focuses on handling security breaches". News Is My Business. 2017-06-13. Retrieved 2022-01-05.
  9. ^ "Ian Cook and Don Stikvoort receive Incident Response Hall of Fame awards". www.securitymagazine.com. Retrieved 2022-01-05.
  10. ^ "What is the CVSS (Common Vulnerability Scoring System)?". SearchSecurity. Retrieved 2022-01-01.
  11. ^ Darley, Trey; Schreck, Thomas (2018-02-12). "Why is Cyber Threat Intelligence Sharing Important?". Infosecurity Magazine. Retrieved 2022-01-01.
  12. ^ Pompon, Raymond (2021-10-12). "Prioritizing Vulnerability Management Using Machine Learning". F5 Labs. Retrieved 2022-01-05.
  13. ^ "First". ITU. Retrieved 2021-12-23.
  14. ^ "Forum of Incident Response and Security Teams". Australian Government Department of Foreign Affairs and Trade. Retrieved 2022-01-01.
  15. ^ "Women in Cyber Mentorship Programme". ITU. Retrieved 2022-01-03.
  16. ^ "FIRST updates guidelines for multi-party vulnerability disclosure". The Daily Swig | Cybersecurity news and views. 2020-05-18. Retrieved 2022-01-03.
  17. ^ Isaac, Anna (2019-09-18). "WSJ News Exclusive | Huawei Suspended From Global Forum Aimed at Combating Cybersecurity Breaches". Wall Street Journal. ISSN 0099-9660. Retrieved 2022-01-01.
  18. ^ Seener, Barak (8 June 2017). "Trump's Saudi pivot is a golden opportunity in terror fight". CNN. Retrieved 2022-01-01.
  19. ^ Nye, Joseph S. (2014). "The Regime Complex for Managing Global Cyber Activities". Global Commission on Internet Governance.
  20. ^ Baseley-Walker, Ben. "Transparency and confidence-building measures in cyberspace: towards norms of behaviour" (PDF).
  21. ^ Tanczer, Leonie Maria; Brass, Irina; Carr, Madeline (2018). "CSIRTs and Global Cybersecurity: How Technical Experts Support Science Diplomacy". Global Policy. 9 (S3): 60–66. doi:10.1111/1758-5899.12625. ISSN 1758-5899. S2CID 158740054.