When an infosec emergency happens, but it is not large enough for the national security organisations to get involved, who are you going to call?