Yesterday, CCN-CERT published the communiqué related to the re-launch of the CSIRT.es group, a forum that brings together the response teams to Spanish incidents or areas of action in Spain, and whose objective is to centralize the exchange of information and facilitate coordination between these very teams.
CSIRT.es currently consists of more than twenty teams and, as indicated in the press release, public and private actors from different sectors are represented, with different objectives … but they have many points in common; the main one, by definition, to provide a response capability to a given community. And that capability today cannot work if it is intended to operate independently and isolated from other teams: it necessarily requires direct collaboration with third parties. Beyond forums such as FIRST or TF-CSIRT, we believe that a point that enables collaboration between CSIRT and areas of action in Spain is more than interesting and necessary.
For this reason, and many others, from S2 Grupo CERT, a member of the Spanish CSIRT community, we consider this initiative very important, retaking the role of CSIRT.es as a forum that should improve trust relationships between groups, should institutionalize them ( at least to some extent) and should be an element of common improvement of the capabilities of the different CSIRTs operating in Spain, each with its own particular casuistry but all of them with many elements in common, as we have indicated. We believe that sharing experiences and knowledge and enhancing this exchange of information that is talked about so much but, in practice, is not always so perfect (in PowerPoint everything works … in real life it is more complicated ;), they must be the main reason of the existence of the forum.
We will not expand on this post so as not to repeat what has already been said by CCN-CERT. During 2018, S2 Grupo CERT will share with CSIRT-CV the coordination of the group, the task for which both IrisCERT and CCN-CERT support us with their experience, and from this coordination we hope to help achieve the objectives of the forum, support the improvement of national capabilities and, above all, try to learn a little more so that when the next WannaCry materializes, or when the next vulnerability is published (with a logo or not ‒ it is not important) we can respond better. And all this, when the Morris Worm, and shortly after the first CERT, are about to turn thirty. A lot has happened since then…