Bbabo NET

The structures of the Central Bank and Sberbank were excluded from the international community to combat cyber threats

Eight Russian cyber incident response centers were excluded from the international community FIRST (Forum of Incident Response and Security Teams). Among them are the Center for Monitoring and Response to Computer Attacks of the Bank of Russia (FinCERT), the Russian Center for Response to Computer Incidents (RU-CERT), and the centers at Kaspersky Lab, BI.ZONE (a subsidiary of Sberbank), Jet Infosystems, Rostelecom-Solar, Information Security Laboratories, and Infosecurity (part of Softline).

In addition, FIRST suspended cooperation with two Belarusian centers.

The community explained its decision by the new US export control rules. At the same time, the measure did not affect those Russian companies that moved their head office abroad, including Group-IB.

FIRST appeared in 1990 to combat computer threats. The goal of the community was to overcome language barriers, differences in standards, and so on.

FIRST included 612 teams, including Apple, IBM, BMW, and others.

Rostelecom-Solar joined the community in June 2021 and noted that this would allow the company to gain access to the international database of current incidents.

According to a source in the information security market, incident response teams in different countries work with different organizations and their experience varies greatly, and FIRST allowed them to consolidate their efforts. According to him, the Russian centers will continue to exchange data with each other.

Another source called the situation “unpleasant, but not critical”: “FIRST, although useful, is far from the only source of data on cyber threats. The current situation should lead to an unprecedented rallying of key domestic players in the information security market, including the exchange of their information about threats.”

Cybersecurity expert Alexei Lukatsky confirmed that the Russian centers continue to operate, and their knowledge and experience will not go anywhere. But he called the FIRST decision a "wake-up call." Lukatsky acknowledges that other international cybersecurity organizations could follow suit. For example, ISACA, the international association of IT management specialists, has already stopped offering exams to Russian specialists. In addition, for 1.5 years the American company SANS has not allowed Russian cybersecurity specialists to take its training. According to Lukatsky, all this can complicate direct access to knowledge.

A representative of the Bank of Russia press service promised that the exclusion from FIRST would not affect the tasks and goals of FinCERT, since it "has a sufficient number of sources of information about computer attacks, and also interacts with all CERTs located on the territory of Russia and other friendly countries."

A Kaspersky Lab spokesman expressed disappointment with the FIRST decision, as "it hits the entire international community of experts and the entire information security industry and calls into question the fundamental principle of trust." “We strongly disagree with the FIRST decision and look forward to a constructive discussion of this issue,” he says.

The day before, the GSMA, the global association of telecom operators and equipment manufacturers, expelled the Russian operator MegaFon from its membership. The operator had been a member of the association since 1995. Analysts attribute the exclusion of MegaFon from the association to sanctions against businessman Alisher Usmanov, who founded USM Holdings. USM structures own 100% of the operator's shares.