Forum of Incident Response and Security Teams

The Forum of Incident Response and Security Teams (FIRST) is a global forum of incident response and security teams. They aim to improve cooperation between security teams on handling major cybersecurity incidents. FIRST is an association of incident response teams with global coverage.

The 2018 Report of the United Nations Secretary-General's High-Level Panel on Digital Cooperation noted FIRST as a neutral third party which can help build trust and exchange best practices and tools during cybersecurity incidents.

History
FIRST was founded as an informal group by a number of incident response teams after the WANK (computer worm) highlighted the need for better coordination of incident response activities between organizations, during major incidents. It was formally incorporated in California on August 7, 1995, and moved to North Carolina on May 14, 2014.

Activities
In 2020, FIRST launched EthicsFIRST, a code of Ethics for Incident Response teams.

Annually, FIRST offers a Suguru Yamaguchi Fellowship, which helps incident response teams with national responsibility gain further integration with the international incident response community. It also maintains an Incident Response Hall of Fame, highlighting individuals who contributed significantly to the Incident Response community.

FIRST maintains several international standards, including the Common Vulnerability Scoring System, a standard for expressing impact of security vulnerabilities; the Traffic light protocol for classifying sensitive information; and the Exploit Prediction Scoring System, an effort for predicting when software vulnerabilities will be exploited.

FIRST is a partner of the International Telecommunication Union (ITU) and the Department of Foreign Affairs and Trade of Australia on Cybersecurity. The ITU co-organizes with FIRST the Women in Cyber Mentorship Programme, which engages cybersecurity leaders in the field, and connects them with women worldwide.

Together with the National Telecommunications and Information Administration, FIRST also publishes guidelines for multi-party vulnerability disclosure, in scenarios such as the Heartbleed vulnerability in OpenSSL.

In 2019, the Wall Street Journal reported Huawei Technologies Co. had been suspended from the Forum of Incident Response and Security Teams due to changes to US technology export restrictions. In 2017, a NATO-style coalition of 41 states, including all Gulf Cooperation Council states, intended to work closely with FIRST to heighten levels of cybersecurity cooperation.

Internet governance implications
In his study of Internet Governance, Joseph Nye identified FIRST as an "incident response regime", supporting global cyber activities.

Political scientists focused on international security have considered organizations such as FIRST to be transparency and confidence-building measures in cyberspace, "elements of international policy that reduce threats, build trust, and make relationships between states more predictable".

The FIRST community has also been considered an example of "science diplomacy", as its technical community offers a means of navigating tensions in a way political actors re not able to.