SCIRT: working together to battle cyber security threats
Are you an operational security expert? If so, you should become a member of SCIRT. You will share information about current security challenges and exchange the latest tips & tricks with colleagues. SCIRT stands for SURFnet Community of Incident Response Teams.
Exchange tips & tricks on cyber security threats
In our forum, we discuss and analyse the latest cyber security threats. We discuss ideas, tips and tricks from several perspectives in order to successfully avert threats. In doing this, we predominantly focus on operational safety and security incident management (CERT/CSIRT).
Sharing knowledge in a variety of ways
Our goal is to raise the overall level of knowledge and experience to a higher level. In a fun manner, you will acquire more of the skills needed to practice the profession. We exchange knowledge with each other in different ways:
- digitally, for example via e-mail, and through our own wiki and secure messaging.
- at meetings, where you can get to know each other and exchange knowledge in a low-threshold and familar manner
- during workshops, for example, in the field of new cyber security techniques or tools
- at the annual two-day cyber security conference. This conference is jointly organised by SCIRT, the SCIPR community and SURFcert.
The meetings and workshops are organised at least 3 times a year.
How confidential is a piece of information? Tell it with colours
The Traffic Light Protocol (TLP) is a simple protocol used by cyber security professionals to indicate with colours how confidential a specific information exchange is. Everyone then knows how that information should be handled. It is crucial that everyone in the community gives the same meaning to the 4 TLP colours: TLP:RED, TLP:AMBER, TLP:GREEN and TLP:WHITE.
Meaning of the TLP colours
A basic principle of using TLP is that only the provider of information is "in control" of what recipients may do with it. Thus, recipients who are in doubt or wish to distribute more widely should always seek permission from the provider first.
- "For your eyes and ears only"
- The information is exchanged on a strictly confidential basis and is intended only for the direct recipients.
- The recipient may not distribute TLP:RED information further.
- Only the provider of the information may determine when, and under what conditions, the information may be further disseminated.
- The information is exchanged on a confidential basis and is intended for the recipients, but they may also share it with colleagues within their own organisation if there is a good reason to do so (need to know), for example to resolve a security problem.
- A recipient of TLP:AMBER information who passes it on to colleagues must explain to those colleagues that they should not disseminate the information further (in effect, the information becomes TLP:RED to them).
- The information is not public but may be reasonably shared within one's own community.
- For example, TLP:GREEN information may be shared within one's own institution as long as it does not become public.
- This is in principle public information that may be shared freely.
- Please note that original rights and obligations, such as copyrights, remain applicable.
Security experts working together
SCIRT's main objective is to bring together the knowledge of all the security experts in the institutions affiliated to SURFnet. We are a working group for the community, but also including people from the community. You can join SCIRT if you carry out CSIRT-related work within your institution. Even if you have not yet organised it in the form of a CSIRT.
Organisation of the SCIRT community
The current, elected chairman is Ewald Beekman (firstname.lastname@example.org), who is the IT Security Officer at the Amsterdam UMC. Don Stikvoort (email@example.com) is the secretary. Rogier Spoor (firstname.lastname@example.org) supervises and supports the SCIRT community from SURF.
The programme component content is prepared by a programme group consisting of the following members:
- Ewald Beekman - Amsterdam UMC
- Bauke Gehem - Summa College
- Lars Hameeteman - ErasmusMC
- Remon Klein Tank - WUR
- Rogier Spoor - SURF
- Don Stikvoort - Open CSIRT Foundation (external)
Close cooperation with SCIPR
We work together with the platform for information security officers in higher education: SCIPR. SCIPR focuses on security policy and governance; SCIRT on operational matters. The areas of focus are very closely related to each other, and the number of touchpoints is increasing. As a result, cooperation is becoming increasingly close.
You can only become a member of SCIRT if you have an e-mail address of an institution affiliated to SURFnet. As sensitive information is regularly shared within the SCIRT community, we have a code of conduct as well as a registration procedure. If you are interested, we would be pleased to provide further information about this to you. Send an e-mail to the secretary, Don Stikvoort: email@example.com.