Dear customers, dear colleagues, I have received quite some questions in response to my funding call for SIRCE. The following FAQ is a summary of the most popular ones. Unfortunately the amount of funds committed so far is a bit disappointing in the light of interest expressed earlier. If people are unhappy about the proposal or any other aspect, please let me know. We cannot fix it if we are not told. Thanks for your consideration. Daniel Karrenberg Q: I have had no time to read all the documents; can you please summarise what SIRCE is? A: SIRCE is a *coordination* service for security incident handling in Europe. SIRCE will *coordinate* the handling of incidents involving more than one of its customers. The *handling* of the incidents itself is performed by the organisations involved and *not* by SIRCE. In addition SIRCE will provide general support services to enable its customers to better handle security relevant incidents. The target customers for SIRCE, as proposed by the NCC, are the European ISPs. SIRCE services and policies will be geared towards ISP needs. Q: Do I need to set up my own Incident Response Team (IRT) in order to use SIRCE services. A: No, you can continue handling incidents like you do at present. SIRCE customers will just be asked to identify contact persons for security incident handling coordination. If you wish, SIRCE will provide support to set up an IRT or to otherwise improve your incident handling capability. Q: What makes SIRCE different from services like the CERT CC? A: SIRCE has local focus because it concentrates on Europe and the ISPs needs in particular. Of course SIRCE will coordinate on a global scale through similar organisations like the CERT CC. Q: Will SIRCE publish details or statistics about incidents in a way that reveals that my organisation was involved? A: No. Sirce will not publish details identifying customers involved without explicit permission. While detailed policies about statistics will be established with input from all customers during the pilot, we do not expect to publish statistics revealing the incident rate of individual customers. Q: Will SIRCE disclose details about incidents and/or my operational procedures to other customers? A: No. Again the detailed policies will be developed during the pilot. We expect these policies to be very conservative. They are likely to prefer direct information exchange between customers handling an incident if sensitive areas are involved. Q: When will SIRCE start operating? A: The project will start in Q1/97 and achieve initial incident coordination capability 2-3 months later. Q: What can I do to help make this happen? A: Commit a contribution to the funding of pilot operations in 1997. The minimum contribution is 500ECU. We are loking for an average of around 1000 ECU. This commitment is for 1997 only and there is no further obligation. Please use the form below for making commitments. Q: What are the benefits if I contribute? A: Direct benefits are preferred service, influence on policies and public credit. An important indirect benefit is that security incidents are well coordinated by an entity that looks after ISPs needs first. Q: Am I bound to my commitment if TERENA decides to execute SIRCE differently than proposed in ripe-150? A: No. The commitment is specifically for the project proposed in ripe-150. If a different proposal is preferred by TERENA, we will provide information about it and it is up to you to decide whether you want to get involved. Q: Which total commitment is necessary for the NCC to do SIRCE? A: The total budgeted expenditure in 1997 is 286kECU. The commitments from the ISP community are needed both to raise the funds necessary for a successful service and to document that the ISPs have a need for it. If the total commitment by November 27th is less than 100kECU there is not sufficient need and the NCC will withdraw. If there are commitments for 150kECU or more the project can go ahead since we expect additional commitments from new NCC customers and funds raised by TERENA. If the total will be between 100kECU and 150kECU it will depend on the distribution of the commitments. Q: What commitments have been received to date? A: Not many, especially when considering the interest expressed earlier. The table below shows all commitments in the order we received them. We will re-publish this list whenever it changes significantly. regid org name commit (ECU) se.pi pi.se AB Pontus Ekman 1000 at.aconet ACONET Wilfried Woeber 1000 es.rediris RedIRIS-CSIC Victor Castelo 1000 pl.cyfronet Academic Computer Centre, Karol Franczak 500 CYFRONET-KRAKOW ---- Total: 3500 ==== Q: How can I get more information? A: Document ripe-150 is the project proposal. ripe-149 is a position paper arguing why the RIPE NCC should execute the project. The service descriptions are in ftp://ftp.ripe.net/ripe/misc/cert-eu.ps. Further questions can be addressed to Daniel Karrenberg <Daniel.Karrenberg@ ripe.net>. ----- Please send the form below to <billing@ripe.net>: %START %FORM [sirce9601] I herby commit to contribute the ECU amount indicated to the SIRCE pilot project as defined in ripe-150 and the documents it refers to. I confirm that I have authority to commit my organisation for this contribution. I expect to be invoiced for this contribution as soon as the project will have started. Please put information between the brackets. Please give your full name. %NAME [ ] Please give your position in the organisation. %POS [ ] Specify the registry ID of your organisation if it has one. %REGID [ ] If you have *not* specified a registry ID above, please give the full organisation name and billing address. We will contact you for more details if necessary. %ORGNAME [ ] %ADDRESS [ ] Committed amount in ECU. Minimum is ECU 500. Excludes VAT where applicable. %AMOUNT [ ] Any billing reference that you may wish to be mentioned on the invoice. %BILLREF [ ] %END