CSIRTs and CERTs

Currently, around 380 CERT/CSIRT security teams are officially constituted worldwide, which are either members of FIRST or the European TF-CSIRT platform (or both).

In the Czech Republic, 39 security teams of the CERT/CSIRT type are currently officially established and recognised by the Trusted Introducer, which makes the Czech Republic almost a world “superpower”, with only France, Germany and the United Kingdom competing in numbers. Of course, it is not about quantity, but above all about quality.

The first CERT/CSIRT security team that was established in the Czech Republic is the CESNET-CERTS security team (https://csirt.cesnet.cz/). It was officially constituted in 2003, and in January 2004 it was officially recognised by the international infrastructure and the Trusted Introducer. It is operated by the CESNET association[1] and is responsible for addressing and coordinating the resolution of security incidents in the CESNET e-infrastructure. Among other things, it deals with the development of security tools and also provides educational services for users in its sphere of influence.

Other teams were founded in the CZ.NIC association (CZ.NIC-CSIRT) in 2008, at Masaryk University in Brno (CSIRT-MU) in 2009, in the company Active24 (team Active24-CSIRT) in 2012 and within a project supported by the Ministry of the Interior of the Czech Republic CSIRT.CZ team (since 2011 National CSIRT CR).

We can observe a big boom in the field of building security CERT/CSIRT teams in the Czech Republic especially since 2013, when the Czech Republic faced a series of DDoS attacks on public web services. This event subsequently initiated the creation of the Fenix ​​project (https://fe.nix.cz/) on the grounds of the Czech peering center NIX.CZ.

The purpose of this project is to enable the availability of Internet services within the entities involved in this activity in the event of a DoS attack. The Fenix project has defined a number of technical and organisational rules that those interested in joining the project must meet, and one of them is also an officially constituted CERT/CSIRT team. This was an impulse for many organisations to formalise their security teams into a CERT/CSIRT team and integrate them into the international infrastructure.

Another motivating impulse that led to the constitution of new teams is the adoption and subsequent effectiveness of the law on cybersecurity. Many organisations have understood that security is worthwhile and that setting up a CERT/CSIRT brings benefits.

The current infrastructure of CERT/CSIRT teams in the Czech Republic, numbering 39 teams, consists of a national and government team, there are teams at the level of large ISPs, several teams in the academic sector, teams in the banking industry, IT companies, domain registrars and last but not least on the ground of the Czech peering center NIX.CZ, on the ground of the CZ.NIC association. Together, this is a very diverse and, as a result, robust and viable infrastructure, which includes experience from various industries. 

The current list of Czech CERT/CSIRT teams can be found at: https://tiw.trusted-introducer.org/directory/country_LICSA.html