At the same time, only 15% of CSIRTs surveyed subscribe to any cybersecurity and response mailing lists for domain name system (DNS) registry operators. Those CSIRTs that do not subscribe to mailing lists are interesting in obtaining the following types of information: DNS attack method trends, incident response techniques, DNS spoofing issues, new attack trends and methods of DNS-related incidents and effective response methods, knowledge about new vulnerabilities, case studies, and best practices.
National CSIRTs are government bodies that manage cybersecurity incidents that have national significance, such as criminal activities, espionage, economic interests, and terrorism, and that coordinate responses to cybersecurity threats by the private and public sectors. They also provide information about cybersecurity issues, vulnerabilities, and exploits and work with software vendors to create patches for security vulnerabilities. An example would be the Department of Homeland Security’s United States Computer Emergency Response Team (US-CERT).
For the survey, ICANN – the Internet Corporation for Assigned Names and Numbers – received responses from 26 of the 56 national CSIRTs currently in existence. Of the 26 that responded, 17 said that a contact point database for cybersecurity response and information sharing is needed to improve international incident coordination on cybersecurity issues. Most respondents said they currently use the WHOIS system to find points of contact for cybersecurity issues, despite inaccuracy of the WHOIS data.
Six of the CSIRTs said that an international coordination center is needed to improve incident response on cybersecurity issues.