The Computer Security Incident Response Team (CSIRT) at NORDUnet has completed the relevant procedures for re-certification under the auspices of the European cyber security organization TF-CSIRT.
“We are pleased to be able to maintain a top standing when it comes to cyber security. First of all, our collaborators can know that we follow best practice and observe the procedures recommended by TF-CSIRT,” says Rasmus Foss, Systems Security Engineer at NORDUnet.
TF-CSIRT develops and provides services for CSIRTs and promotes standards and procedures for handling security incidents, while also coordinates initiatives where appropriate. The scope is to be “a task force that promotes collaboration and coordination between CSIRTs in Europe and neighboring regions, whilst liaising with relevant organizations at the global level and in other regions”.
An organization wanting TF-CSIRT certification will initially become a listed member. Later, it can be approved to become an accredited member, and finally apply for certification. NORDUnet obtained its certification in 2015 and was re-certified for the first time in 2019.
All five Nordic NRENs (national research and education networks) are TF-CSIRT members. The NORDUnet team and the NREN teams meet monthly to exchange experience and coordination.
“Our main responsibility is the backbone network together with the services we provide both externally and internally. However, many threats are often dealt with by university cyber security departments or the NRENs, before they reach us,” explains Rasmus Foss.
While the new re-certification confirms that NORDUnet has a satisfactory level of staffing and procedures in place to deal with upcoming cyber-attacks according to TF-CSIRT, this should not lure anybody into a false sense of security, Rasmus Foss underlines:
“We do see a rising level of threats, just like everybody else. Therefore, we are constantly considering improvements both in terms of staffing and technical precautions.”
The new re-certification under TF-CSIRT is valid for the next three years.