“Tell Them They Are a Responsible Entity, Not a Customer”
Understanding Practitioner Challenges in Sector CSIRTs
Aksel Ethembabaoglu (TU Delft - Technology, Policy and Management)
Natalia I. Kadenko (TU Delft - Technology, Policy and Management, NCSC-NL (National Cyber Security Centre of the Netherlands))
Yana Angelova (TU Delft - Technology, Policy and Management)
Yury Zhauniarovich (TU Delft - Technology, Policy and Management)
Rolf van Wegberg (TU Delft - Technology, Policy and Management)
Simon Parkin (TU Delft - Technology, Policy and Management)
Michel van Eeten (TU Delft - Technology, Policy and Management)
Other than for strictly personal use, it is not permitted to download, forward or distribute the text or part of it, without the consent of the author(s) and/or copyright holder(s), unless the work is under an open content license such as Creative Commons.
Abstract
In this paper, we study the experiences of practitioners in sectoral Computer Security Incident Response Teams (CSIRTs)—specialized teams that mediate between national cybersecurity authorities and the sector constituency. Through interviews with 18 professionals connected to the Informatiebeveiligingsdienst (IBD-CSIRT) for Dutch local governments, we uncover tensions in how key services are valued. For vulnerability notifications, while the CSIRT staff consider them a core service, many constituents hardly mention them, and systemic gaps in information forwarding mean that crucial alerts often never arrive. We extend these insights with 5 interviews across other sector CSIRTs and a validation workshop with 7 participants, all security officers from sector CSIRTs, revealing shared challenges in balancing technical expertise with sector knowledge, building trust-based relationships, and navigating institutional bottlenecks. Our findings contribute the first systematic account of how sector CSIRT professionals understand and perform their role, highlighting the tensions in providing sector-wide support to professionals with differing security needs.