The new information and communication technologies (ICT) have become a truly crucial infrastructure supporting the activities of our daily lives. Society's dependence on ICT is growing across sectors, so securing this infrastructure effectively, as is already done for other infrastructures considered critical, such as electricity distribution networks or the public telephone network, is of the utmost importance.

The combination of the sheer amount of networked information and the increasing complexity of the computing systems and applications that process it has made these systems, and the information they hold, extremely vulnerable to attack.

On November 2, 1988, the Internet was the target of malicious software commonly known as a "worm". This software, created by Robert Morris with the purpose of self-propagating through the network, contaminated more than 60,000 computers and, for several days, adversely affected several services and the overall functioning of the Internet. The speed of propagation and the consequent impact of what is now known as the Morris Worm caught the then-small Internet community off guard. Analysis of the incident found that what most harmed the normal functioning of the network and its associated services was not the time needed to find an effective antidote, but rather the lack of an organized structure that could inform the community of the incident's existence, distribute the antidote effectively, and instruct users in applying it. As an immediate consequence, a security incident response coordination center called CERT/CC was created.

Another illustrative example of the disruption and impact on people's lives caused by a computer security incident dates back to 2003. The Sapphire (or SQL Slammer) worm hit 90 percent of SQL servers worldwide in about 10 minutes, causing the total breakdown of, among others, mobile communication networks in South Korea, Bank of America's ATM network, 5 DNS root servers worldwide, and Continental Airlines' ticketing system. In Portugal, 300,000 customers were deprived of cable Internet service for 12 hours. In this case, the exploited vulnerability had been known for more than 6 months, and rapid application of the existing software patch allowed the situation to be brought under control.

More recently, between April and May 2007, a number of government Internet servers, Internet service providers, e-banking servers, media portals, and e-payment networks in Estonia were the target of a sequence of attacks, mostly Distributed Denial of Service (DDoS), with devastating results for the normal functioning of an entire country.

These and other large incidents have demonstrated the weaknesses of an infrastructure considered critical to supporting activities that span all sectors of society. Moreover, the trend observed in recent years indicates that the major network and information security incidents are backed by professional structures that seek financial gain.

Computer security incident response teams (CSIRTs) have been identified as essential in preventing and responding to this type of phenomenon. In this context, the FCT's FCCN Unit, through its RCTS CERT service, has wide national and international experience both in handling and coordinating incident response and in disseminating and otherwise promoting the CSIRT concept.