Forum of Incident Response and Security Teams

{{Short description|Engineering societies based in the United States}}

{{Infobox organization

| name = Forum of Incident Response and Security Teams

| formation = August 7, 1995

| logo = First1.org.svg

| abbreviation = FIRST.org

| dissolved =

| type = 501(c)(3) not-for-profit public charity

| focus =

| headquarters = Cary, North Carolina

| method =

| owner =

| leader_title = Chair of the board

| leader_name = Tracy Bills

| key_people = {{ubl|Tracy Bills, President|Chris Gibson, Executive Director|}}

| website = {{url|https://www.first.org}}

| footnotes =

| founded_date = 1989

| area_served =

| num_members = 750+ organizations from more than 110 countries {{Cite web|title=FIRST members|url=https://www.first.org/members/map}}

| homepage = {{URL|https://www.first.org/}}

}}

The Forum of Incident Response and Security Teams (FIRST) is a global forum of incident response and security teams.{{Cite web|title=Forum of Incident Response and Security Teams|url=https://icannwiki.org/Forum_of_Incident_Response_and_Security_Teams}} It aims to improve cooperation between security teams on handling major cybersecurity incidents. FIRST is an association of incident response teams with global coverage.{{Cite web|title=GUIDANCE FOR IMPROVING THE COMPARABILITY OF STATISTICS PRODUCED BY COMPUTER SECURITY INCIDENT RESPONSE TEAMS (CSIRTs)|url=https://one.oecd.org/document/DSTI/ICCP/REG(2013)9/FINAL/en/pdf}}

The 2018 Report of the United Nations Secretary-General's High-Level Panel on Digital Cooperation noted FIRST as a neutral third party which can help build trust and exchange best practices and tools during cybersecurity incidents.{{Cite web|title=The age of digital interdependence|url=https://www.un.org/en/pdfs/DigitalCooperation-report-for%20web.pdf}}

History

FIRST was founded as an informal group by a number of incident response teams after the WANK computer worm highlighted the need for better coordination of incident response activities between organizations during major incidents.{{Cite journal|title=Trusting Infrastructure: The Emergence of Computer Security Incident Response|journal=Technology and Culture |year=2020 |volume=61 |issue=1 |pages=173–206 |doi=10.1353/tech.2020.0036 |url=https://muse.jhu.edu/article/752964/pdf|last1=Slayton |first1=Rebecca |last2=Clarke |first2=Brian |pmid=32249219 |s2cid=214808905 |doi-access=free }} It was formally incorporated in California on August 7, 1995, and moved to North Carolina on May 14, 2014.{{Cite web|title=North Carolina Secretary of State Search Results|url=https://www.sosnc.gov/online_services/Search/Business_Registration_profile?Id=10529500|access-date=2021-12-24|website=www.sosnc.gov}}

Activities

In 2020, FIRST launched EthicsFIRST, a code of ethics for incident response teams.{{Cite web|title=FIRST launches new code of ethics for incident response and security teams on Global Ethics Day|url=https://www.securitymagazine.com/articles/93703-first-launches-new-code-of-ethics-for-incident-response-and-security-teams-on-global-ethics-day|access-date=2022-01-01|website=www.securitymagazine.com|language=en}}

Annually, FIRST offers a Suguru Yamaguchi Fellowship, which helps incident response teams with national responsibility gain further integration with the international incident response community.{{Cite news|date=2017-06-13|title=FIRST conference focuses on handling security breaches|url=https://newsismybusiness.com/conference-security-breaches/|access-date=2022-01-05|work=News Is My Business|language=en-US}} It also maintains an Incident Response Hall of Fame, highlighting individuals who contributed significantly to the Incident Response community.{{Cite web|title=Ian Cook and Don Stikvoort receive Incident Response Hall of Fame awards|url=https://www.securitymagazine.com/articles/93468-ian-cook-and-don-stikvoort-receive-incident-response-hall-of-fame-awards|access-date=2022-01-05|website=www.securitymagazine.com|language=en}}

FIRST maintains several international standards, including the Common Vulnerability Scoring System, a standard for expressing the impact of security vulnerabilities;{{Cite web|title=What is the CVSS (Common Vulnerability Scoring System)?|url=https://www.techtarget.com/searchsecurity/definition/CVSS-Common-Vulnerability-Scoring-System|access-date=2022-01-01|website=SearchSecurity|language=en}} the Traffic Light Protocol for classifying sensitive information;{{Cite web|last1=Darley|first1=Trey|last2=Schreck|first2=Thomas|date=2018-02-12|title=Why is Cyber Threat Intelligence Sharing Important?|url=https://www.infosecurity-magazine.com/opinions/cyber-intelligence-sharing/|access-date=2022-01-01|website=Infosecurity Magazine}} and the Exploit Prediction Scoring System, an effort for predicting when software vulnerabilities will be exploited.{{Cite web|last=Pompon|first=Raymond|date=2021-10-12|title=Prioritizing Vulnerability Management Using Machine Learning|url=https://www.f5.com/labs/articles/cisotociso/prioritizing-vulnerability-management-using-machine-learning|access-date=2022-01-05|website=F5 Labs|language=en}}

FIRST is a partner of the International Telecommunication Union{{Cite web|title=First|url=https://www.itu.int:443/en/ITU-D/Cybersecurity/Pages/Global-Partners/first.aspx|access-date=2021-12-23|website=ITU|language=en-US}} (ITU) and the Department of Foreign Affairs and Trade of Australia on cybersecurity.{{Cite web|title=Forum of Incident Response and Security Teams|url=https://www.dfat.gov.au/international-relations/themes/cyber-affairs/cyber-cooperation-program/Pages/forum-of-incident-response-and-security-teams|access-date=2022-01-01|website=Australian Government Department of Foreign Affairs and Trade|language=en}} The ITU co-organizes with FIRST the Women in Cyber Mentorship Programme, which engages cybersecurity leaders in the field and connects them with women worldwide.{{Cite web|title=Women in Cyber Mentorship Programme|url=https://www.itu.int:443/en/ITU-D/Cybersecurity/Pages/Women-in-Cyber/Women-in-Cyber-Mentorship-Programme.aspx|access-date=2022-01-03|website=ITU|language=en-US}}

Together with the National Telecommunications and Information Administration, FIRST also publishes guidelines for multi-party vulnerability disclosure, in scenarios such as the Heartbleed vulnerability in OpenSSL.{{Cite web|date=2020-05-18|title=FIRST updates guidelines for multi-party vulnerability disclosure|url=https://portswigger.net/daily-swig/first-updates-guidelines-for-multi-party-vulnerability-disclosure|access-date=2022-01-03|website=The Daily Swig {{!}} Cybersecurity news and views|language=en}}

In 2019, the Wall Street Journal reported Huawei Technologies Co. had been suspended from the Forum of Incident Response and Security Teams due to changes to US technology export restrictions.{{Cite news|last=Isaac|first=Anna|date=2019-09-18|title=WSJ News Exclusive {{!}} Huawei Suspended From Global Forum Aimed at Combating Cybersecurity Breaches|language=en-US|work=Wall Street Journal|url=https://www.wsj.com/articles/huawei-suspended-from-global-forum-aimed-at-combating-cyber-security-breaches-11568805324|access-date=2022-01-01|issn=0099-9660}} In 2017, a NATO-style coalition of 41 states, including all Gulf Cooperation Council states, intended to work closely with FIRST to heighten levels of cybersecurity cooperation.{{Cite web|last=Seener|first=Barak|title=Trump's Saudi pivot is a golden opportunity in terror fight|url=https://www.cnn.com/2017/06/08/opinions/qatar-terrorism-fight-seener/index.html|access-date=2022-01-01|website=CNN|date=8 June 2017 }}

Internet governance implications

In his study of Internet Governance, Joseph Nye identified FIRST as an "incident response regime", supporting global cyber activities.{{Cite journal|last=Nye|first=Joseph S.|date=2014|title=The Regime Complex for Managing Global Cyber Activities|url=https://dash.harvard.edu/handle/1/12308565|journal=Global Commission on Internet Governance|language=en-US}}

Political scientists focused on international security have considered organizations such as FIRST to be transparency and confidence-building measures in cyberspace, "elements of international policy that reduce threats, build trust, and make relationships between states more predictable".{{Cite web|last=Baseley-Walker|first=Ben|title=Transparency and confidence-building measures in cyberspace: towards norms of behaviour|url=https://citizenlab.ca/cybernorms2012/BaseleyWalker2011.pdf}}

The FIRST community has also been considered an example of "science diplomacy", as its technical community offers a means of navigating tensions in a way political actors are not able to.{{Cite journal|last1=Tanczer|first1=Leonie Maria|last2=Brass|first2=Irina|last3=Carr|first3=Madeline|date=2018|title=CSIRTs and Global Cybersecurity: How Technical Experts Support Science Diplomacy|journal=Global Policy|language=en|volume=9|issue=S3|pages=60–66|doi=10.1111/1758-5899.12625|s2cid=158740054 |issn=1758-5899|doi-access=free}}

References