Combatting Cyber Threats: CSIRTs and Fostering International Cooperation on Cybersecurity

The increasing visibility and sophistication of cyber attacks, coupled with the global interconnection and dependence of the Internet, has created a need not only for specialized skills in the prevention of and response to cyber attacks but also for cooperation on a global scale. A “cyber regime complex” is emerging as governments, the private sector, the technical community and non-governmental organizations cooperate to secure cyberspace. Computer security incident response teams (CSIRTs) are key actors in the cyber regime complex that help the broader Internet community prevent and respond to cyber incidents through incident analysis and response, information sharing and dissemination, and skills training. Teams generally agree that cooperation could be strengthened through the enhanced and timely exchange of cyber threat information. However, a number of complex legal questions and a lack of trust among community members have discouraged sharing. This paper examines the role of CSIRTs in the emerging cyber regime complex and asks what might be driving the lack of trust and information sharing within the community. The commercialization of cyber security and threat vulnerabilities, the Internet’s development as a new power domain, the growth of the CSIRT community and the emergence of a cyber regime complex are examined as factors that are giving rise to and exacerbating existing problems around information sharing and trust.