A Cyber Security Incident Response Team (CSIRT) is a group of experts that assesses, documents and responds to a cyber incident so that a network can not only recover quickly, but also avoid future incidents. S&T funds the CSIRT project to help CSIRT organizations at all levels of government and the private sector improve significantly through the development and application of superior approaches to incident response and organizational learning. Specifically, S&T will have a guide on how to best staff, train, support, and sustain CSIRTs, which will translate to a better overall cyber incident response capability.
Research is needed in this space because CSIRT teams are often dynamically formed and temporary in nature, assembled in response to specific incidents. In cyber incident response, teams often respond to problems or incidents that have not been seen before. There is no overarching set of guiding principles and best practices that CSIRTs can look to in terms of organization, training and execution.
The core research focuses on current best practices from a business organizational psychology perspective to clearly explain how incident response individuals and teams can best work to improve complex cyber incident response to be faster, more efficient and more adaptive. The work is being done by an academic/industry research team and in collaboration with the United States Computer Emergency Readiness Team and the National Cybersecurity and Communications Integration Center and our international government partners from the Netherlands and Sweden. This underscores the international applicability of the cybersecurity challenge and its value as a partnership and confidence-building mechanism. The interdisciplinary team working on the project includes a cybersecurity and software engineering researcher, organizational psychologists, economists and practitioners from a commercial partner with CSIRT expertise.
Program Manager: Scott Tousley
Prime: Dartmouth College Subs: George Mason University, Hewlett Packard