How National CSIRTs Operate: Personal Observations and Opinions from MyCERT

Abstract

Computer Security Incident Response Teams (CSIRTs) have been established at national and organisational levels to respond to and mitigate cyber incidents. National CSIRTs play a critical role in defending a nation's infrastructure from cyber attacks. However, the research literature lacks studies that can provide first-hand insights on current operational practices in national CSIRTs and challenges faced by staff at national CSIRTs. This paper provides personal observations and opinions from two members of staff at MyCERT (Malaysia's national CSIRT), regarding important areas of national CSIRTs' operational practices including cross-CSIRT collaboration, the lack of systematic use of data and tools, and the lack of evaluation of data and tools used. We hope this paper can help stimulate more research and work to address some of the gaps we identified.