CSIRTs and CERTs

CERT/CSIRT teams have no official hierarchy that would make one team superior to another. All teams are equal in terms of functioning, communication, cooperation and exchange of information and are not limited in these areas. The existence of the so-called top national and government teams somewhat suggests that a hierarchy between teams exists, even though this is not the case. The only “hierarchy”, but rather it would be more appropriate to say “greater capacity to act”, gives the top team the legislation of the country, which regulates its powers (e.g. in the area of required response to security threats from network and service operators, etc.).

In the world of CERT/CSIRT teams, willingness to share important information about an incident and threats is key. To do this, it is essential that teams trust each other and also that users trust their teams. Gaining the trust of users and the community is a long-term task. Teams must show their qualities in all aspects of their operation and build credibility gradually – not only with the ability to help, but also the ability to ensure confidentiality and fair treatment of shared data, transparency of conduct, etc.