CSIRTs and CERTs

National and government teams are a special form of CERT/CSIRT teams. They treat other CERT/CSIRT teams as equals, but their role throughout the system is different.

National CERT/CSIRT acts as a kind of last resort where it is possible to request intercession, assistance and intervention. Its goal is (within the state or area where it operates) to mediate contact between a victim and a perpetrator of the problem and help successfully address the problem. National teams (usually) do not control the physical infrastructure, so they do not (unlike internal/institutional teams) have the opportunity to intervene directly. Their role consists in mediating contact, or in coordinating (hence this type of team is called a coordination team) the procedure of individual troubleshooters in the event that the problem is more extensive and its solution requires the cooperation of several components.

From the principle of the functioning of the whole structure, incidents that pass through the system of the national CSIRT are usually only a fraction of the total number. Most incidents are resolved through direct communication, without the need for escalation and mediation. The national team thus receives mostly incidents that cannot be addressed otherwise (those responsible refuse to address them; it is not easy to identify who is responsible for addressing them), very serious or recurring problems, or problems that may have a general impact, etc.

The national CERT/CSIRT usually has training and cooperation in its job description. It is both consciousness raising with regard to the public and an operation within the Internet infrastructure. The aim is to support the creation of additional CERT/CSIRT teams in the country, their introduction to the international scene and support in the implementation of standard procedures and methods. All this significantly increases the transparency of the environment and gives the victims a chance to effectively seek redress.

A Government CERT/CSIRT usually focuses on the area of ​​state administration and self-government and on resolving incidents that threaten the security of the state and its services. A government CERT/CSIRT can take the form of an internal team with the possibility of direct intervention in the event of a problem. Its existence is usually supported by legislation.

However, the above is not dogma, and the situation varies from country to country. There are countries where only the national team works (and also serves as the government team); there are countries where the government team works (and plays the role of the national team); there are countries where both exist; there are countries where there is neither and the role of the top team is replaced by one of existing teams, etc.