This blog is an English translation of an article published in Version2 on November 20th, 2023.
Danish Version: Cybersikkerhedsfolk kalder det "sort bælte" og "Champions League". Nu begynder flere at gå efter det
Several Danish cyber security teams are now starting to aim for the highest membership level at Trusted Introducer. It shows maturity and seriousness during an attack, but it is also a little bit about showing off, and it is a paper tiger, several experts in the field of cyber security admit.
After many months of hard work, TDC NET's Cyber Defense Center could join an exclusive club in September.
At home, only JN Data, which is responsible for the banking sector's cyber security, has previously obtained the certification at Trusted Introducer. It is equivalent to getting the black belt in cyber security, TDC NET itself stated in a press release.
"We are incredibly proud to receive the certification from Trusted Introducer, which is considered by many within the profession to be the leading standard in the area," said the security director at TDC NET, Karsten Brinkmann.
Trusted Introducer is referred to by many as an exclusive club. Today there are 9 Danish members of Trusted Introducer across the three membership levels. In alphabetical order:
CFCS: Accredited (since October 12, 2011)
DKCERT: Certification Candidate (since 23 March 2023)
Improsec CSIRT (DK): Accredited (since 13 September 2022)
IT Relation CDC (DK): Accredited (since 28 February 2023)
JN DATA CDC: Certified (since December 18, 2020)
NetsCERT: Listed (since November 21, 2022)
SektorCERT: Accredited (since 23 August 2021)
TDC NET CDC: Certified (since September 20, 2023)
Trifork Security CSIRT: Listed (since 01 February 2023)
Worldwide, there are a total of approximately 500 members of the non-profit association Trusted Introducer. They are primarily European "security and incident response teams," often abbreviated CERT or CSIRT, which work professionally with cyber security and information protection. Trusted Introducer was established by European CERTs in 2000 with the aim of creating a safe framework for the exchange of knowledge on cyber security.
Cybersecurity's Champions League
The name Trusted Introducer derives from the idea that the members trust each other. They meet regularly and can exchange confidential information, e.g. in connection with the clarification of cyber security incidents. This is explained by Henrik Larsen, head of DKCERT, which monitors the security of the Danish research network. He compares a certification with Trusted Introducer to playing in the Champions League of cybersecurity.
"With a certification, other companies will have more confidence in your team and therefore also share more information about attacks," says Henrik Larsen.
DKCERT helped to found Trusted Introducer and has been accredited since the beginning of the year 2000. Now they want to go after a certification themselves.
"There is a lot of paperwork involved, which we didn't previously deem necessary. But now I have decided that we must take the step. Some of our Nordic colleagues have already done so. We have an ambition to complete it soon," says Henrik Larsen. But a certification does not refer to the parent company's security level, and it has not, for example, made TDC NET more secure, he explains. "Their incident team has gained greater recognition among the rest of us. So it is not an expression of their general security level. However, there is prestige in having the certification, as it shows that you work systematically and have control over your procedures in a wide range of parameters, both organizational and personnel-wise," he explains.
When a team applies for membership, they must be nominated by two existing teams who know the applicant team. Only if none of the other 500 teams
At the energy companies' cyber defence, SektorCERT, they are also ready to go for a certification, writes director Søren Maigaard. Due to the rush following the report on the attack on the energy sector, Søren Maigaard does not have time for an interview.
"We are accredited and can now – after almost a year in the qualifying period – start applying for the certification. We will definitely do that too – it's just a matter of making it fit in with the rest of our activities."
Center for Cyber Security: Not a priority
The Center for Cyber Security has been accredited since the beginning in 2000, but has no plans to become certified.
"CFCS is accredited in the Trusted Introducer programme, but has so far not prioritized achieving certification. However, we can state that we generally work with ENISA's Maturity Assessment Model," the CFCS press service informs in a written response to Version2.
ENISA is the European Information Security Agency, and their model corresponds to the same or even higher maturity than Trusted Introducer, as more parameters are used at the highest level.
"My impression is that the Center For Cyber Security is a mature institution with control over things, so it just means that they are assessed by an auditor other than Trusted Introducer," notes Henrik Jensen.
Trifork: Not a need in the market
At the IT company Trifork, which has been listed since January 2023, the assessment is that there is no demand in the market to go further with accreditation or certification.
"At Trifork, we continuously assess which certifications and accreditations add value to our business. We consider this based on relevant competencies, legislation and the expectations and requirements our customers place on us. In IT security, it is currently primarily ISO27001 certification and NIS2 compliance that the market demands. Therefore, we do not focus on Trusted Introducer certification," reads a written quote from Trifork's CCO, Michal Wätjen.
"Everyone should have this"
The security director at TDC NET, Karsten Brinkmann, disagrees with the interpretation that the market does not demand this. "In addition to the professional satisfaction that comes with the certification, this is of course about a strong cyber defense being something which more and more customers want, and which we also believe they can expect from us as a network supplier," says Karsten Brinkmann.
That experience is shared by Martin Kofoed, who is Executive Partner and Head of Cyber Security at ITM8/Improsec. Earlier he was responsible for JNData being the first to be certified, and he is also one of two Danish certified auditors at Trusted Introducer.
"Although of course I have a commercial interest in this, I am a big advocate of Trusted Introducer. I mean, everyone working with the handling of security incidents should have it and make demands on subcontractors to get it in place," says Martin Kofoed.
The cybersecurity team at ITM8/Improsec is currently preparing for a certification, now that the required probation period as accredited is coming to an end.
Questions of survival
Martin Kofoed believes that the increased interest in Trusted Introducer and the SIM3 framework is due to the introduction of the cyber directive NIS2, which puts pressure on more companies to strengthen their cyber security. "It shows that you have a well-documented process in your organisation to handle a security incident. It can be a question of survival for a company that you have it in place," says Martin Kofoed, and adds: "The other important part is that we become part of a serious community. We were in Bilbao last year with a ransomware case and shared knowledge with some of the best teams in the world. In addition, it is of course also nice to be impartially recognized for the company's maturity in handling security incidents," says Martin Kofoed.
JNData has stated that they do not wish to participate in this article.