It's More Than Security: How Computer Security Incident Response Teams Can Contribute to the Construction of a Better Cyber Sphere

By: Efrat Daskal

The increased sophistication of cyber-attacks demonstrates the need for a better understanding of the cooperative security measures needed to prevent to cybersecurity emergencies. One of the most potentially effective means for achieving this goal is the work of CERTs/CSIRTs - teams of civilian technological experts who are responsible for preventing, detecting and solving cybersecurity problems. This study focuses on the work of the national teams, which exist in over 100 countries. The teams, which are supervised by their respective governments, are in charge of handling cyber security problems at the national level, but at the same time, they collaborate with their international colleagues. As a result, their work is an interaction point between three stakeholders: the nation state, the global information technology community, and the public in their respective coutnreis. In every country, this triple interaction constructs a different modus operandi for each national CSIRT (nCSIRT), thereby transforming the nCSIRT in some states into an isolating, and even controlling, mechanism in the hands of the government and, in other states, into a liberating and internationally unifying instrument. The lack of sufficient data concerning the effectiveness of nCSIRT inspires this study, which asks: What characterizes an effective nCSIRT? To answer this, I plan to combine two research methods which aim to create a thick description of nCSIRT operations: (1) a quantitative content analysis of 13 nCSIRTs websites and (2) in-depth interviews with several nCSIRTs from around the world. The results of this study can deepen our knowledge of the various approaches for solving cybersecurity problems, contribute to the creation of an improved cyber security policy and shed light on the theoretical conceptualization of state's responsibility in matters of cyber security.