IGF 2023 WS #396 CSIRTs: A Global Dialogue with Cyber Incident Responders

Monday, 9th October, 2023 (23:30 UTC) - Tuesday, 10th October, 2023 (00:30 UTC)
WS 5 – Room B-2

Organizer 1: Koichiro Sparky Komiyama, JPCERT/CC
Organizer 2: Masae Toyama, JPCERT/CC

Speaker 1: Masae Toyama, Civil Society, Asia-Pacific Group
Speaker 2: Serge Droz, Technical Community, Western European and Others Group (WEOG)
Speaker 3: Jean-Robert Hountomey, Technical Community, African Group

Additional Speakers

Kaleem Ahmed Usmani (Technical Community, African Group) will replace Jean-Robert Hountomey. (modified on October 5th)


Koichiro Sparky Komiyama, Technical Community, Asia-Pacific Group

Online Moderator

Hiroki Mashiko, Private Sector, Asia-Pacific Group


Masae Toyama, Civil Society, Asia-Pacific Group


Round Table - 60 Min

Policy Question(s)

The UNGGE report 2015 set a norm to restrict harmful activities against national CSIRTs and prohibit them from malicious international activities. To further understand and navigate this, we need to address several critical questions:

Q1. What is the exact definition and scope of CSIRTs?
Q2. How can the modern CSIRT community maintain the level of neutrality expected in the UNGGE report?
Q3. What actions should be undertaken to implement norm 13(k) in the UNGGE report?
Q4. What specific regional cooperation is necessary to implement this norm?

What will participants gain from attending this session?

This roundtable will engage participants in active discussion, expecting them to contribute and gain the following insights:

- The evolving role and activities of CSIRTs in enhancing cybersecurity.
- Insights into expectations for CSIRTs from policymakers within international fora like the United Nations, ASEAN, SCO, and others.
- Understand the necessity of adopting country-specific or regional-specific approaches to global cybersecurity measures.
- Identify the required policies, technologies, and philosophies to facilitate cross-border cooperation in cybersecurity.



Thirty years have passed since the inception of the world's first Computer Security Incident Response Team (CSIRT). CSIRTs were conceived as the 'fire department' of cyberspace, and more than 600 of them now operate in over 100 economies within the private sector, government, and academia, to mitigate an increasingly volatile cyberspace environment. The work of CSIRTs has necessitated cooperation across borders, leading to the formation of regional CSIRT communities, including APCERT in Asia, AfricaCERT in Africa, OIC-CERT in the Islamic Middle East, PacSON in Pacific Island countries, and ASEAN-CERT in ASEAN member states.

CSIRTs first came to the attention of international policy in 2015, when a report by the UN Group of Governmental Experts (UN GGE), adopted unanimously by the General Assembly, set out norms for responsible state behavior in cyberspace. The report also featured a norm to limit harmful activities against national CSIRTs, while prohibiting CSIRTs from undertaking malicious international activity.

CSIRTs have gained a certain status in today's international community. However, the cooperation among CSIRTs is dwindling due to four significant challenges: (1) the nationalization of cybersecurity, (2) the increasing customization of cyber attacks, (3) commercialization, and (4) national CSIRTs transitioning into governmental organizations. This session invites representatives from CSIRT communities in Asia, Africa, and the global community to explore these challenges and devise possible strategies for practical cross-border cybersecurity cooperation.

Expected Outcomes

The roundtable aims to:

- Elevate awareness about CSIRTs and their communities.
- Discuss the impact of anti-globalism on societies and its implication in cyberspace.
- Review necessary national, regional, and global actions to implement GGE norm 13(k).
- Analyze the role of global and regional CSIRT communities, tech communities, government, and civil society in enabling cross-border cooperation.

Hybrid Format:

- Utilize online tools that encourage active participation: We will have dedicated staff to check and pick up questions from remote participants. We will use polling or Q&A features for instant feedback.