Next World Cyber-security Contest Launched by FIRST, CERT Coordination Center

Pittsburgh, PA, February 25, 2009 – The second international competition honoring best practices and advances in safeguarding the security of computer systems and networks was announced today by FIRST (the Forum of Incident Response and Security Teams) and the Carnegie Mellon Software Engineering Institute CERT Coordination Center (CERT/CC).

And once again, the purpose is not just to reward practitioners for excellence in the security field, but to provide new utilities that will help make the cyber world a safer place.

The winners will be announced at the 21st Annual FIRST Conference, June 28 – July 3, 2009, at the Hotel Granvia, Kyoto Station, Kyoto, Japan.

The theme for this year’s best practices contest is “Detect,” reflecting the second phase of a computer security incident response team’s cycle of activity: protect, detect, respond, and sustain. The inaugural awards in 2008 focused on the “Protect” phase.

Jeffrey Carpenter, technical lead for CERT/CC’s incident response team, said the purpose of the awards from the two organizations is to honor experts worldwide who have developed best practices to prevent cyber attacks or mitigate attacks that are unfolding.

“Front line security experts who work diligently to protect their organizations and mitigate attacks are under-recognized for their work,” Carpenter explained. “This competition offers them the opportunity to be recognized and honored by their peers worldwide.”

Peter Allor, FIRST Steering Committee member and conference liaison, said: “This exercise is in line with our mission to develop and share technical information, tools, methodologies, processes and best practices in order to promote a safer and more secure global electronic environment.

“We thank CERT/CC for sponsoring this competition to advance and reinforce our mutual goals.”

Any working group, team, organization or individual who has developed a best practice is eligible to enter the competition. Top prize is $5,000, and the runner-up will receive $2,500.

Last year’s winners under the banner “Protect” were TWNCERT, Chinese Taipei, and KrCERT/CC from the Republic of Korea, who investigated respectively the reasons that malicious internet attacks succeed and the most likely sources of spam. Both teams’ pioneering work was made freely available on the web to further the cause of internet security.

Submissions for this year’s awards must be received no later than Thursday, April 30, 2009, at 23:59 U.S. Eastern Daylight Time (UTC-4), which is 03:59 G.M.T. (Friday May 1, 2009).

Submissions must encompass the “Detect” theme. FIRST and CERT/CC define detect actions as information about potential incidents, vulnerabilities, or other computer security or incident management information that is gathered either reactively (received from internal or external sources in the form of reports or notifications) or proactively (monitoring indicators of possible incidents or the exploitation of vulnerabilities through mechanisms such as network monitoring or IDS).

“In each case we are looking for the most innovative strategies and solutions that can be translated swiftly into worldwide best practice to reduce global security threats,” said Carpenter “So as well as honoring excellence, this is a competition designed to have a pragmatic and truly useful outcome throughout the worldwide cyber community.”

FIRST’s 2009 conference, which has as its theme recovery from disaster, and the lessons and crafts that can be learned from the processes of recovery, is already drawing key international players from the world of cyber security to speak and participate.
For further information and to submit papers to the Best Practice Competition, go to: http://www.first.org/global/practices or email first-2009bp@first.org. For further information about, and to register to attend the FIRST Kyoto conference, go to http://conference.first.org/

About FIRST
The worldwide Forum of Incident Response and Security Teams is a nonprofit organization that leads the world’s fight-back against cyber-crime, sabotage and terrorism, and consists of the Internet emergency response teams from some 200 corporations, government bodies, universities and other institutions from across the Americas, Asia, Europe and Oceania. For more information, visit www.first.org.

About Software Engineering Institute CERT/CC
The Software Engineering Institute (SEI) is a U.S. Department of Defense federally funded research and development center operated by Carnegie Mellon University. The SEI helps organizations make measured improvements in their software engineering capabilities by providing technical leadership to advance the practice of software engineering. The CERT Coordination Center (CERT/CC) is part of the larger SEI CERT Program and serves as a center of enterprise and network security research, analysis, and training within the SEI. For more information, visit the CERT Web site at www.cert.org and the SEI Web site at www.sei.cmu.edu.

Contact Information

Frank Wintle

FIRST Communications

PanMedia

Contact via E-mail