Enabling the Sustainability and Success of a National Computer Security Incident Response Team

A national computer security incident response team (CSIRT) serves a unique role in protecting and defending its country or economy from cybersecurity incidents that can have an impact on national or economic security and public safety. It serves as a center of technical capability for the prevention, detection, and response coordination of cybersecurity incidents. A national CSIRT can be inside or outside of government, but it must be specifically recognized by its government as having responsibility in the country or economy. Over the past thirty years, more than 130 national CSIRTs have been established. Also during this time, organizations have produced various documents and resources that address best practices for creating and managing CSIRTs, including national CSIRTs. However, because of differences in culture, economics, and government structure, the organization and responsibilities of national CSIRTs vary among countries and economies. Such differences include how many national CSIRTs serve a country, where they are located, who their constituencies are, and the nature of their services and responsibilities. With so many variables, how is it possible to ensure the sustainability and success of a national CSIRT?