As a computer systems expert, Margrete Raaum in Norway has seen her fair share of cybersecurity incidents. When asked to recall a memorable one, the Oslo-based Raaum remembers an attack about four years ago on a high-performance computer facility serving several European universities.

Margrete Raaum
Margrete Raaum. Photo by Ståle Askerød Johansen (CC BY-SA 4.0).

“It was a hack,” Raaum says. Someone had stolen credentials at one university and from there found vulnerabilities within the system, installed a backdoor and began “sniffing” everyone’s passwords and certificates.

“All the research communities using the facility were affected,” Raaum adds. “Medical research, physics, meteorology.” The attackers could potentially leverage these enormous computing resources in further attacks, or use the break-in as a gateway to other trusted facilities, Raaum explains.

To make matters worse, the issue was discovered during a holiday, when many university staff were away from their desks.

Fortunately, victims of major hacks like this can look to resources like FIRST (Forum for Incident Response and Security Teams), a global network of volunteer cybersecurity experts. Raaum is a FIRST member and the former chairwoman. And when she faced that hack four years ago, FIRST’s connections and reservoir of best practices helped her fix the issue.

The university reset passwords and alerted all affected parties. Going forward, they became much more diligent about patching vulnerabilities and monitoring for suspicious behavior.

FIRST – active in more than 80 countries – got its start 28 years ago when the Internet was in its infancy. “In November 1988, a computer security incident known as the ‘Internet worm’ brought major portions of the Internet to its knees,” reads FIRST’s history webpage. “Reaction to this incident was isolated and uncoordinated, resulting in much duplicated effort, and in conflicting solutions.”

Cybersecurity response teams emerged in the wake of the worm, but a lack of common language and conventions made collaboration difficult. FIRST set out to better connect this community.

Today, FIRST has a broad scope: It deploys response teams to address incidents around the world. The network creates cybersecurity tools, works on malware analysis standards and develops recommendations for Internet governance. FIRST also provides fellowships for cybersecurity experts around the world, last year in Panama, Vietnam, Ecuador and Moldova.

FIRST is comprised entirely of volunteers. “We don’t have any employees,” Raaum says. Most of these volunteers are computer scientists. But the organization is eager to broaden its scope, Raaum says, and engage more legal experts and policymakers. FIRST funds its work through conference sponsorships and membership fees from local teams around the world.

These days, Raaum says many in the cybersecurity realm are concerned about the Internet of Things. “Fire and ventilation and air conditioning – safety mechanisms that are now very rapidly coming online, can either be held hostage or used in an attack.”

Still, Raaum sees bright spots, too. “FIRST is growing rapidly,” she says. And “policymakers are starting to get interested in the cybersecurity field. When more cybersecurity experts are pulled into policy-based decisions, that’s a good thing. When we get to a certain level of awareness, it will move faster,” Raaum adds. “Maybe we’ll catch up with the bad guys.”

Further reading: