Logo of the European Computer Security Incident Response Team Network (eCSIRT.net)

The European CSIRT Network


Vision Statement

eCSIRT.net focuses on the deployment of new techniques and practices that will satisfy the basic and existential need of incident response teams (CERTs or CSIRTs) to much more efficiently cooperate and exchange incident related data, and to collect shared data for statistical and knowledge-base purposes.

The take-up of techniques in trial form that is proposed here will serve the following goals:

  1. to enable a standardized and unambiguous exchange of incident related information between the CSIRTs involved;
  2. to enable the collection of standardized and unambiguous incident statistics to serve the CSIRTs involved, and in a generalized fashion the public;
  3. to enable the collection of standardized and unambiguous incident related data, followed by intelligent generation of warnings and emergency alerts, to serve the CSIRTs involved.

To enable the pursuit of these goals, it is necessary to agree on "standardized and unambiguous" procedures for exchanges.


The Need for CSIRT Co-operation

To compete in a global market increasingly dominated by multinational organizations and conglomerates, the European industry must build on a safe basis, developing and offering products as well as value added services in order to secure its business position. As the future of many interactions will depend on computer networks and it's application, there seems to be no replacement for the connectivity of all sites and each user, no alternative to the instant communication promised and offered by the Internet.

One of the most critical success factors for the acceptance of Internet based applications within the society is security. For example the communication on cyber crime calls out for:


Objectives of eCSIRT.net

The objectives of eCSIRT.net is to provide this, starting with the take-up of suitable solutions within the community of established CSIRTs. The dissemination and exploitation activities carried out within the project will benefit from the long-time involvement with international organizations, most notably FIRST as international forum of CSIRTs, TF-TERENA as European forum for CSIRTs, and the IETF as standardization forum for the Internet.

While the scope of the project clearly outlines the co-operation aspects within the CSIRT community, it also enables - for the first time - consolidated public and partners only statistics. This will allow the assessment of existing and emerging security threats supported by the expert assessment by the participating experts. Forward-looking responses will in addition be supported by the work of all CSIRTs that evaluate and recommend best practices to avoid attacks and incidents or limit the impact of any incident if an attack cannot be avoided totally.

The following graph shows all alerts since the deployment of the IDS sensors. The deployment of each IDS sensor is marked in the graph at the according time.

[read more on the eCSIRT.net background …]


Some preliminary Results

The following graph shows all alerts since the deployment of the IDS sensor network across Europe. The deployment of each IDS sensor is marked in the graph at the according time.

The graphic is updated each day and is accessible for download or integration into other web sites as (please note: https is available as well to provide authenticated access!):

Find some more public statistics in our Service/Documents section.


Learn more about eCSIRT.net

Officially, the project ended on December 31, 2003. In due course - after the pending final review of the CEC - the final report will be made available here. Currently discussions within the TERENA TF-CSIRT and with other CSIRT communities are under way to continue the application of the developed solutions and approaches. We will provide pointers to successful take-ups here as well.

If you are interested about specific aspects of our project, please do not hesitate to contact us by sending email to ecsirt@pre-secure.com.


eCSIRT.net eCSIRT.net
The European Computer Security Incident Response Team Network
News | Sitemap | Imprint | Privacy Statement | Contact | Top
Last changed: January 13, 2004 / AL
Copyright © 2002-2004 by PRESECURE Consulting GmbH, Germany
Signed with PGP!This page is digitally signed with PGP! eCSIRT.net