Status
This report is for INFORMATION. The full paper discussed below is available and feedback from TTC members is welcomed.
Information for TTC Members
In 2012, TF-CSIRT underwent a re-chartering process to move the task force away from a traditional task force model, in order to establish it as an entity with defined membership and to bring the task force closer to the services associated with the security work within TERENA (TRANSITS and Trusted Introducer). This was driven by a paper written by the TF-CSIRT Secretary at the time (Kevin Meynell) supported by a small group of experts in the community . This process proved to be quite difficult and complex, and a revision was made to the terms of reference in 2013 to clarify certain processes that did not work effectively in the first re-chartering.
As part of this process it became clear that there is still a misalignment between Trusted Introducer as a service and TF-CSIRT as a membership organisation. Processes between TF-CSIRT and Trusted Introducer were not fully aligned (for example signing up members to mailing lists) and the membership types in TF-CSIRT compared to Trusted Introducer can cause confusion. TF-CSIRT has also identified more work it would like to as a group – including better support for new members and wider engagement of groups at meetings. In short, whilst the re-chartering has established the concept of a TF-CSIRT membership, more work is needed on TF-CSIRT as a group and in relation to its services to make that membership effective. It is still not clear whether use of TI is a benefit of TF-CSIRT membership, or if TF-CSIRT membership is a benefit of TI.
If TF-CSIRT wishes to grow the concept of TF-CSIRT as a membership entity another issue to be addressed is its definition as a “task force” within TERENA and its core funding from GÉANT. In the original paper, these two issues were purposefully left unaddressed (although acknowledged). With the planning for GN4 now on going, it is time to address these points.
Nicole Harris has prepared a paper addressing three core points, that will be presented to the TF-CSIRT Steering Committee.
- Should TF-CSIRT continue to rely on GÉANT project funding and should this be evenly applied to all members?
- Should work be undertaken to ensure that there is an appropriate contingency for the TF-CSIRT events outside of the GÉANT budget?
- What increase should be applied to the TI fees in 2015 and should the approach to listed CERTS be changed?
The following recommendations are made:
- Should TF-CSIRT continue to rely on GÉANT project funding and should this be evenly applied to all members?
TF-CSIRT will continue to be funded as normal under the GN4 project and it is recommended that this process be kept in place as long as it is viable. It is however necessary to ensure the members are aware of this reliance and that with any project funding, long-term sustainability could be an issue.
- Should work be undertaken to ensure that there is an appropriate contingency for the TF-CSIRT events outside of the GÉANT budget?
It is recommended that an increase in Trusted Introducer fees takes account of increasing the reserve held at TERENA in order to allow for any unusual issues or requests that might impact on our ability to run any given TF-CSIRT event.
- What increase should be applied to the TI fees in 2015 and should the approach to listed CERTS be changed?
It is recommended that members first be consulted on whether they wish to maintain the status quo in terms to approaches to charges within the TF-CSIRT environment, or whether they wish to consider an alternative model (e.g. some charges for listing, some event fees etc.). It is recommended that the accreditation fee should be increased to 1200 euros per annum in this model, which is a significant increase. Charges would be introduced from September 2015.
It is also recommended that some alternative models should be mocked-up to present to members alongside this option asap. Possible options include event fees for listed certs, a small charge for listing, or levying a surcharge on certification.