G’day mate, howsitgoing?


Karl Hanmore

Senior Security Strategist (aka Sergeant Grunt)

Getting the job done, bringing the fight to the bad guys, good single malt whiskey

Cowards, talkers not doers, red tape, humidity

G’day, or should I say howdy, y’all. As the newest member of the Microsoft EcoStrat team, I figured I would do a quick self-introduction before getting down to work. I am a Senior Security Strategist with the Microsoft Security Response Center (MSRC) based in Redmond. Prior to my big move to the USA, I was the Operations Manager of AusCERT in Australia (that’s the place that is famous for kangaroos and Tim Tams, to ensure you didn’t think I meant Austria!) My role here at Microsoft varies, but at the very top of my list is ensuring that Microsoft strengthens its relationship with the global community of national and government Computer Emergency Response Teams (CERTs).

It was in that capacity that I was privileged recently to attend the GovCERT.NL symposium, hosted by the Dutch Government CERT in the city of Rotterdam. What an event! The Dutch government CERT, GovCERT.NL, put on a truly world-class event. I cannot recall ever having been to an event so well-polished and professionally presented. The program was rich, varied, and robust, with a number of international and domestic speakers. But for me, the highlight was the interaction in the CERT community.

Although the symposium is primarily focused on meeting the needs of GovCERT.NL’s constituents, the attendance from much of the international CERT community makes the event all that much more dynamic. The national CERT community is a thriving and robust effort, allowing teams across national borders to work together and deliver collective results to provide more protection to the ecosystem. If you are in government, law enforcement, or industry and you don’t know your national CERT, you don’t know what you are missing! I was fortunate enough to meet with quite a number of national CERTs during this event from the European region and as far afield as Asia. This was most useful, as the MSRC is looking to engage more strongly with the community of national CERTs. In addition, Mike Reavey, Director of the MSRC, was also able to attend, and not only sat on a panel, but also spent time talking in depth with several CERTs about the issues facing the CERT community as well as how to develop better working relationships. It is this open dialogue and the coalescence of like-minded individuals that tends to be a hallmark of CERT-based events. In addition to formal meetings on the days before and after the symposium, it was clear that the global CERT representatives present were spending quality time sharing techniques, discussing common strategies, and building stronger interpersonal relationships. It is still the case that interpersonal relationships are the life-blood of this community, but there have also been some strong moves towards establishing organizational-level relationships with increasing bilateral and multilateral formal relations. I am keen to watch this grow, and will assist where I can.

I consider these groupings of CERTs to be invaluable. We have all heard that the Internet is a global thing, with no concept of borders or jurisdiction. While this may be the case, this also implies that there is no one responsible for looking after the problems on the Internet. I see the Internet as a global ecosystem, and in any ecosystem you need those who keep order. That is where I see the role for the National CERTs, tackling the problems of the Internet on a nation-by-nation basis. It is something that every country can do, take responsibility for their “own patch”; it is the Internet version of “think globally, act locally”. It is important also to realize that Internet security is not a problem that can be fixed by law enforcement, or any other group, alone. CERTs perform an important role, not only providing advice and guidance, but also assisting with coordination and remediation. A CERT from one country knows that they can reach out to a trusted partner in another country to resolve an issue and that means the CERT only needs to know their own constituents and their fellow CERTs. In the absence of such a network, every CERT would need to be able to communicate with every organization, and potentially every individual, to resolve issues.

For a great practical example of a CERT working locally to assist in protecting the global ecosystem, I would recommend that you look at the work being done by CERT-FI and their Autoreporter service. This service is a great example of a CERT, working with feeds from the global community, taking responsibility for their constituency and working to remediate the threat within their own borders. This is the sort of work I feel all CERTs globally should be looking to when considering how to be an effective and contributing member in the global security community. This sort of activity has helped the Finnish IP space to become one of the “cleanest” in the world, as called out in the recent Microsoft Security Intelligence Report volume 7. Great work CERT-FI!

I hope to see those national CERTs, who are not already a part of Microsoft Security Cooperation Program for CERTs (SCPcert), look at joining this initiative, as a first step in building a deeper and more substantive operational relationship with Microsoft. It is from the bedrock of this program that I hope to find new and innovative ways to assist the CERT community in the shared responsibility of protecting the ecosystem.

In conclusion, the GovCERT.NL event was great to attend. It gave me a quick refresher on just how much potential there is within the CERT community globally to work together, and with industry, to increase the level of ecosystem-wide security. I am looking forward to my part in working with and helping foster this important community.

-Karl Hanmore, Senior Security Strategist

*Postings are provided “AS IS” with no warranties, and confers no rights.*