[okfn-tw] Fw: [Bp_cybersec_2016] IGF workshop on critical issues in cybersecurity incident response

TH Schee info at motomosa.com
Tue Jan 9 02:29:45 UTC 2018


這場 IGF 的議程和台灣現況比較有關係,原因是:

- 台灣政府代表遠端「撥入」 IGF 某議程,造成媒體風潮
- 台灣的其他利益相關者也撥入,身份有二:(a) 政府單位 (b) 實質有 contractor 關係,但不必然綁在 CSIRTs 緊急應變和通報機制的公共採購上。不過這在 IGF 很常見,尤其在相對封閉的 CSIRTs 體系內,可能不用太驚訝
- 「資通安全管理法」和「關鍵基礎設施」
- 「數位國土 一寸都不能讓 [a]」和資通電軍
- 本來會去找 CSIRTs 的人(單位,無論是什麼性質)都被約談過,本來不會找的,之前也很怕被「畫進去」
- 總統府資安週由刑事警察局送的 USB 被發現感染病毒 [b],刑事警察局說阻斷就阻斷 [c]
- TWIGF 開始有人倡議自己來訂 CI 範疇

下面這封信的議題主要在 IGF Day 1 的 WS39 是談 CI(關鍵基礎設施)和 CSIRTs 機制的問題。剛好最近的「資通安全管理法」也是被拿作來處理這個議題法源依據,在臉書的 "TWIGF" 上引起不少討論,月底好像也有一場公聽會。我覺得對於 CSOs 會有參考的價值。但如前所述,CSIRTs 過去在台灣是個高度專業且封閉的領域,主談的「平台」也不會是 IGF,我收到這封信就想到了上面這些攸關台灣網路政策和發展的議題,分享出來交流。

[a] https://udn.com/news/story/10930/2554836
[b] http://news.ltn.com.tw/news/focus/paper/1166581
[c] http://talk.ltn.com.tw/article/paper/1167042

--
TH Schee
M: +1 (646) 820-0002 | +886-968-665002
[Open Knowledge Taiwan](http://okfn.tw) | [@scheeinfo](https://twitter.com/scheeinfo)

> -------- Original Message --------
> Subject: [Bp_cybersec_2016] IGF workshop on critical issues in cybersecurity incident response
> Local Time: January 8, 2018 11:12 PM
> UTC Time: January 8, 2018 3:12 PM
> From: maarten at first.org
> To: bp_cybersec_2016 at intgovforum.org
>
> Hi everyone,
>
> I wanted to share the outcomes of a workshop with you, which is relevant to the topics the BPF has been working on. This year, FIRST and Access Now jointly co-organized a workshop at the IGF (WS 39) which covered "critical issues in incident response". The goal was to learn from a set of experts, and other participants, what types of challenges make incident response involving more than one stakeholder group, more difficult.
>
> There are a few outcomes:
>
> - A video recording of the session is available at https://www.youtube.com/watch?v=d5YlPcQGSXg
>
> - A transcript of the discussion is available at https://www.intgovforum.org/multilingual/fr/content/igf-2017-day-1-room-xxvi-e-critical-issues-in-improving-cybersecurity-incident-response-raw.
> - Attached is a short summary, which brings together the key discussions and learnings from the session.
>
> The key issues discussed in the session include:
>
> - Information overload has in some cases led to an over-reliance on automation, which is degrading trust, as there are often misunderstandings behind the impact of an incident or abuse report.
> - The network of cooperation that CSIRTs have built only works effectively when there is trust between organizations. This trust can be affected by where a security team is positioned, and what organizations it is experienced at working with.
> - Human Rights can be taken into account during the work of CSIRTs. An enterprise operating a Product Security Incident Response Team (PSIRT) shares their experience.
> - Technical expertise is now more commonly criminalized. This makes it more difficult for incident responders to effectively deal with incidents, and hampers capacity building.
>
> Hope this proves interesting and helpful.
>
> Best regards,
> Maarten
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.okfn.org/pipermail/okfn-tw/attachments/20180108/eb5f5f86/attachment-0003.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: IGF Report - WS39 Critical Issues in Improving Cyber Security Incident Response.pdf
Type: application/pdf
Size: 64276 bytes
Desc: not available
URL: <http://lists.okfn.org/pipermail/okfn-tw/attachments/20180108/eb5f5f86/attachment-0003.pdf>


More information about the okfn-tw mailing list