CSIRTとSIRTとCIRTとCERT、多いのはどれ?

CSIRTの名称はそれぞれ好きなように決めてよいのですが、末尾の文字列にはパターンがあります。自社のCSIRTに命名をするときに、わたしもなぜこのようになっているのか調べたことがあります。

ところが先日、偉い方から「なんでバラバラなんだ?」と、以前に自分が抱いた疑問を同じように質問されていまいました。偉い人に対して細かな説明をするのは時間の無駄ですし、「特に意味はないです」とは答えにくいです。返答に窮しました。


そこで回答案ですが、「割合的にはこのようになっており、そもそもバラバラなものです」とお答えするのがよいのではないでしょうか。ということで集計してみました。

集計結果

日本CSIRT協議会とFIRSTについて、本日4/5現在の公式ウェブサイトに掲載されているメンバーリストを対象に、名称の集計をしてみました。

  CSIRT SIRT CIRT CERT IRT PSIRT その他 合計
日本CSIRT協議会 76 25 10 10 5 0 11 137
FIRST 40 21 18 175 14 9 69 346


(左:日本CSIRT協議会、右:FIRST)

日本CSIRT協議会の加盟チームでは、商標登録されているCERTの利用を避けて、CSIRTなどの略称を使用するケースが多いようです。次いで多いのがCERTと同じ発音になるSIRTやCIRTです。
国家代表的なCSIRTが多く加盟するFIRSTでは、CERTを冠する組織が圧倒的に多く、全体の半数を占めます。

日本CSIRT協議会の集計

CSIRT

"AGS-CSIRT", "AHA-CSIRT", "aratana-CSIRT", "ASY-CSIRT", "BN-CSIRT", "Bridgestone CSIRT", "Canon-CSIRT", "Canon-Elec-CSIRT", "Canon MJ-CSIRT", "CLP-CSIRT", "CyberAgent CSIRT", "DIR-CSIRT", "DL-CSIRT", "DMM.CSIRT", "DNP-CSIRT", "DOCOMO-CSIRT", "G-CSIRT", "GSX-CSIRT", "HAMA-CSIRT", "IBM-CSIRT", "IL-CSIRT", "InfoCICSIRT", "JCB-CSIRT", "JNB-CSIRT", "JOHOKU-CSIRT", "JPBank CSIRT", "KADOKAWA-CSIRT", "KB-CSIRT", "KDDI-CSIRT", "KEK CSIRT", "KEYWARE-CSIRT", "K-OPT CSIRT", "LINE-CSIRT", "M-CSIRT", "MELCO-CSIRT", "MI-CSIRT", "MS&AD-CSIRT", "NB-CSIRT", "NCSIRT", "NEC-CSIRT", "NetOne-CSIRT", "NII CSIRT", "NISSAY IT CSIRT", "NLI-CSIRT", "Nomura Group CSIRT", "OCE-CSIRT", "OKI-CSIRT", "Panasonic CSIRT", "PwC Japan CSIRT", "Recruit-CSIRT", "Resona-CSIRT", "SAKURA.CSIRT", "SCSK CSIRT", "SHIZUGIN-CSIRT", "SJ-CSIRT", "SL-CSIRT", "SMFG-CSIRT", "SoftBank CSIRT", "SOMPO HD CSIRT", "SSNB-CSIRT", "STARTIA-CSIRT", "SURUGA CSIRT", "SUMISEI-CSIRT", "SUMITEM-CSIRT", "SWC-CSIRT", "TDC-CSIRT", "TG CSIRT", "TMHD-CSIRT", "TOSHIBA-CSIRT", "UCSIRT", "VZJ-CSIRT", "YAMATO-CSIRT", "YMC-CSIRT", "7&i CSIRT", "7BK-CSIRT", "NICT-CSIRT"

SIRT

"BNESIRT", "CEC-SIRT", "Cy-SIRT", "D-SIRT", "iD-SIRT", "INTEC-SIRT", "I-SIRT", "JFE-SIRT", "KEIO-SIRT", "KKCSIRT", "K-SIRT", "MBSD-SIRT", "MB-SIRT", "MC-SIRT", "MY-SIRT", "NIKKEI-SIRT", "NTT Com-SIRT", "OBC-SIRT", "Shochu-SIRT", "SRIG-SIRT", "TEMP-SIRT", "TEPCO-SIRT", "TMC-SIRT", "TM-SIRT", "T-SIRT"

CIRT

"AhnLab CIRT", "CDI-CIRT", "DT-CIRT", "JBS-CIRT", "Met-CIRT", "Mizuho-CIRT", "NTT EAST-CIRT", "NTT WEST-CIRT", "OLYMPUS-CIRT", "Sep-CIRT"

CERT

"DeNA CERT", "FJC-CERT", "Fuji Xerox-CERT", "JPCERT/CC", "MUFG-CERT", "NTT-CERT", "NTTDATA-CERT", "Rakuten-CERT", "TOPPAN-CERT", "ToppanForms-CERT"

IRT

"B2SIRT", "FSIRT", "GREE-IRT", "HIRT", "mixirt"

その他

"AHIRU", "FFRI", "GMO 3S", "IIJ-SECT", "JSOC", "KLIRRT", "MBK-CSI", "NEXS.STC", "SecureBrain-ARL", "SMAC", "YIRD"

FIRSTの集計

CSIRT

"ACSIRT", "BGC-CSIRT", "CSIRT ANTEL", "CSIRT BNP Paribas", "CSIRT OLIMPIA", "CSIRT-CCIT", "CSIRT-ECB", "CSIRT-ETB", "CSIRT.CZ", "CSIRT.DK", "CSIRT.SK", "CSIRTBANELCO", "CSIRTFNB", "CSIRTPONAL", "DCSIRT", "DigiCSIRT", "DSTA-CSIRT", "e-LC CSIRT", "ECS-CSIRT", "Janet CSIRT", "KDDI-CSIRT", "KPMG-CSIRT", "LINE-CSIRT", "NCSIRT", "NGRID CSIRT", "RABOBANK CSIRT", "RoCSIRT", "Salesforce CSIRT", "SBG CSIRT", "Scitum-CSIRT", "SIDN CSIRT", "SoftBank CSIRT", "Statoil CSIRT", "Swisscom CSIRT", "TDBFG CSIRT", "Telefonica-CSIRT", "TM-CSIRT", "TWCSIRT", "UoA CSIRT", "UU-CSIRT"

SIRT

"Amazon SIRT", "BAC-SIRT", "BF-SIRT", "Box SIRT", "Citi SIRT", "du SIRT", "Handelsbanken SIRT", "HP GSIRT", "ID-SIRTII/CC", "ISIRT", "JACKSIRT", "Juniper SIRT", "KKCSIRT", "MBSD-SIRT", "NetApp SIRT", "PayPal GSIRT", "RH-ISIRT", "S-SIRT", "Scottrade SIRT", "TESIRT", "UNDP ISIRT"

CIRT

"AAB GCIRT", "BAH CIRT", "CDI-CIRT", "CGI CIRT", "CIRT.ME", "DT-CIRT", "GE-CIRT", "HerjavecCIRT", "ICANN CIRT", "KE-CIRT/CC", "LM-CIRT", "LTU MOD CIRT", "MFCIRT", "NeuCIRT", "NRD CIRT", "OS-CIRT", "SKInfosec CIRT", "VISA-CIRT"

CERT

"AboveSecCERT", "ACOnet-CERT", "ADGovCERT", "ADPCERT", "aeCERT", "Airbus CyberSecurity and CERT", "AlliaCERT", "ASTAR CERT", "AusCERT", "BASF gCERT", "BBVA CERT", "BELNET CERT", "BruCERT", "BTCERTCC", "CARICERT", "CBAcert", "CCN-CERT", "CERT Australia", "CERT BWI", "CERT Cyberseg", "CERT OPL", "CERT POLSKA", "CERT SG", "CERT ZSIS", "CERT-AG", "CERT-Bund", "CERT-EE", "CERT-EU", "CERT-FR", "CERT-GIB", "CERT-GOV-GE", "CERT-Hungary", "CERT-IL", "CERT-In", "CERT-LEXSI", "CERT-LT", "CERT-MU", "CERT-MX", "CERT-Post", "CERT-Renater", "CERT-RO", "CERT-SE", "CERT-UA", "CERT-UK", "CERT-VW", "CERT.at", "CERT.AZ", "CERT.br", "CERT.BY", "CERT.GOV.AZ", "CERT.LV", "CERT/CC", "CERTBw", "CERTGOVIL", "CERTSI", "CERTuy", "CESICAT-CERT", "CIS-CERT", "CLCERT", "CMCERT/CC", "CNCERT/CC", "colCERT", "ComCERT", "CyS-CERT", "Danish GovCERT", "dCERT", "DefCERT", "Defenda CERT", "DeNA CERT", "Deutsche Telekom CERT", "DFN-CERT", "DKCERT", "E.ON CERT", "eBay CERT", "EcuCERT", "EG-CERT", "ESACERT", "esCERT-UPC", "ETISALAT-CERT", "EWA-Canada/CanCERT", "Fidelity IO-CERT", "FinansCERT", "FJC-CERT", "FM CERT", "FORTHcert", "FSI-CERT", "FTS-CERT", "Fuji Xerox-CERT", "Funet CERT", "GEANT CERT", "GovCERT.ch", "GovCERT.CZ", "GovCERT.HK", "HelseCERT", "HKCERT", "HR-CERT", "ICIC-CERT", "IGLOO-CERT", "ILAN-CERT", "ING CCERT", "IPA-CERT", "ISG-CERT", "JPCERT/CC", "KIT-CERT", "KMD-CERT", "KN-CERT", "KPN-CERT", "KrCERT/CC", "KS-CERT", "KZ-CERT", "LITNET CERT", "LookingGlass CERT", "Lufthansa Group CERT", "maCERT", "MAPFRE-CCG-CERT", "Mnemo-CERT", "MOCERT", "MSCERT", "mtCERT", "MUFG-CERT", "MyCERT", "nabCERT", "ngCERT", "NOMX CERT", "NorCERT", "NTT-CERT", "NTTDATA-CERT", "NU-CERT", "NUSCERT", "OCERT", "ORACERT", "Orange-CERT-CC", "OxCERT", "PI-CERT", "PRE-CERT", "PROSEGUR CERT", "Q-CERT", "R-IT CERT", "Rakuten-CERT", "RayCERT", "RCTS CERT", "RU-CERT", "RUS-CERT", "S-CERT", "S2 Grupo CERT", "S21sec CERT", "SAFCERT", "secu-CERT", "SI-CERT", "Siemens-CERT", "SingCERT", "Sri Lanka CERT/CC", "SUNet-CERT", "SURFcert", "SWITCH-CERT", "SWRX CERT", "SymCERT", "TCERT", "TechCERT", "Telstra T-CERT", "TEO-CERT", "ThaiCERT", "TK CERT", "TR-CERT", "TS-CERT", "tunCERT", "TWCERT/CC", "TWNCERT", "TZ-CERT", "UCERT", "UiO-CERT", "UNAM-CERT", "UNINETT CERT", "US-CERT", "Vodafone-CERT"

IRT

"BIRT", "BMO ISIRT", "DIRT", "DnB IRT", "FSIRT", "GIS-IRT", "HIRT", "Leidos-IRT", "mIRT", "NIHIRT", "OSU-IRT", "SITSA IRT", "WAR-CSIIRT", "Yahoo IRT"

PSIRT

"Adobe PSIRT", "Cisco PSIRT", "Ericsson PSIRT", "Huawei PSIRT", "Lenovo PSIRT", "Panasonic PSIRT", "Ricoh PSIRT", "Xilinx PSIRT", "ZTE PSIRT"

その他

"Apple", "ASEC", "AT&T", "Axur", "Bell IPCR", "BFK", "Bunker", "CAIS/RNP", "CC-SEC", "CCIRC", "Cert-IST", "CFC", "CIBC", "CIRCL", "Cisco Systems", "Deutsche Bank", "ECSC", "EMC", "EY", "FB-SIR", "FortiGuard", "GD-AIS", "GIST", "Goldman Sachs", "GovCertUK", "HP PSRT", "HSBC REACT", "IBM", "IID", "IIJ-SECT", "Intel FIRST Team", "ISPIRIT", "IT-ISAC", "JC3-CIRC", "JPMC-GCS", "JSOC", "Mandiant Security", "MHA CSC", "MM", "Morgan Stanley", "NASA SOC", "NBCU-ISRT", "NCIRC CC", "NCSC-FI", "NCSC-NL", "NISC", "NIST", "NORDUnet", "O2", "OISIR", "P-CIRF", "PCH", "Quann", "RBSG", "RedIRIS", "RIM CS-ISOC", "SAP Cybersecurity", "Secunia Research", "Shell SecOps", "SIRCC", "SOC Team Claro Colombia", "SOC-CCOC", "Team Cymru", "TERIS", "UB-First", "UEFI USRT", "VeriSign", "WFC SOC", "YIRD"

集計スクリプト

第一引数に-Fオプションをつけて実行するとFIRSTの加盟チームをカウントします。

#/usr/bin/ruby
require 'net/http'

team = []
result = nil

if ARGV[0] == "-F"
  result = Net::HTTP.get('www.first.org', '/about/organization/teams')
  result.split("</tr>").each do |str|
    team.push $1 if str =~ /<td class="team_short">\n                                    <a href=".*">(.*)<\/a>/
  end
else
  result = Net::HTTP.get('www.nca.gr.jp', '/member/index.html')
  result.split("\n").each do |str|
    team.push $1 if str =~ /<td class="darkgreen">.*<a href=".*">(.*)<\/a><\/td>/
  end
end

csirt, sirt, cirt, cert, irt, psirt, other = [], [], [], [], [], [], []
team.each do |item|
  if item =~ /KKCSIRT/
    sirt.push item
  elsif item =~ /B2SIRT|FSIRT|BMO ISIRT|[^CS]IRT|[^cs]irt/
    irt.push item
  elsif item =~ /CSIRT/
    csirt.push item
  elsif item =~ /PSIRT/
    psirt.push item
  elsif item =~ /[^CP]SIRT/
    sirt.push item
  elsif item =~ /CIRT/
    cirt.push item
  elsif item =~ /CERT|cert/
    cert.push item
  else
    other.push item
  end
end

printf("CSIRT\t%d\t%.1f\%\n", csirt.size, csirt.size*100.0/team.size)
printf("SIRT\t%d\t%.1f\%\n", sirt.size, sirt.size*100.0/team.size)
printf("CIRT\t%d\t%.1f\%\n", cirt.size, cirt.size*100.0/team.size)
printf("CERT\t%d\t%.1f\%\n", cert.size, cert.size*100.0/team.size)
printf("IRT\t%d\t%.1f\%\n", irt.size, irt.size*100.0/team.size)
printf("PSIRT\t%d\t%.1f\%\n", psirt.size, psirt.size*100.0/team.size)
printf("OTHER\t%d\t%.1f\%\n", other.size, other.size*100.0/team.size)
printf("TOTAL\t%d\n", team.size)

p csirt, sirt, cirt, cert, irt, psirt, other