Supporting cyber security incident response teams

TNO improves cyber security incident response through better information exchange and communication between response team members. This improves team members’ awareness of the situation status, team activities and what still needs to be done. Better structured procedures and understanding of response processes, combined with an ICT tool for team members to use during operations, are key to better cyber incident response.

Springing into action at the drop of a hat, cooperating with different types of teams, huge amounts of unstructured information and little overview of the bigger picture. This is the daily reality of working in a Computer Security Incident Response Team – also known as a CSIRT.

CSIRTs are called in whenever there is a cyber incident, such as a cyber-attack, that threatens the cyber security. An attack may target, for example, a company or societal institution, such as a utilities provider or public transportation. CSIRTs look for the cause of the problem, they repair the damage and they make sure that operations return to normal.
CSIRTs work under enormous time pressure, in situations with much at stake, and in which there is no room for failure. These specialists benefit from good information management and information sharing, and from a shared understanding of both the situation with which they are dealing and of what other CSIRT team members are doing at any given moment.

TNO supports these teams with tools that improve communication between team members and the structuring of information essential to successfully completing their task. In addition, TNO provides support for better development and maintenance of shared situational awareness, that is, a shared understanding among team members of the situation and its status. TNO offers support in the form of ICT tools that keep CSIRT members up-to-date on the latest development in the crisis, the efforts to control it, and operational procedures.
In 2017 TNO applies our knowledge of human behavior and technology to improving CSIRTs’ performance. We draw from experience in cyber security in general and with CSIRTs in particular to pinpoint how best to offer support, both from an ICT and a Human Factors approach.

Early Research Program: Human Enhancement


Stay up to date with our latest news, activities and vacancies collects and processes data in accordance with the applicable privacy regulations for an optimal user experience and marketing practices.
This data can easily be removed from your temporary profile page at any time.
You can also view our privacy statement or cookie-information.