CSIRT.SK description document according to RFC 2350

1. Document Information

This document provides a formal description of CSIRT.SK based on RFC 2350.

1.1. Date of Last Update

This is version 1.4, published on July 16th, 2021.

1.2. Distribution List for Notifications

This profile is kept up-to-date on the location specified in 1.3. E-mail notifications of updates are sent to:

All CSIRT.SK members
The Trusted Introducer for CERTs in Europe (see https://www.trusted-introducer.org/)

Please address any questions about updates to the CSIRT.SK e-mail address.

1.3. Locations where this Document May Be Found

The current version of this CSIRT/CERT description document is available from the CSIRT.SK site; its URL is: http://www.csirt.gov.sk/doc/rfc2350.txt. Please make sure you are using the latest version of this document.

1.4. Authenticating this Document

This document has been signed with the CSIRT.SK PGP key.
The signatures are also available on our web site, under:
http://www.csirt.gov.sk/doc/rfc2350.txt.sig

2. Contact Information
2.1. Name of the Team

CSIRT.SK – Computer Security Incident Response Team Slovakia

2.2. Address

CSIRT.SK
Ministry of Investments, Regional Development and Informatization of the Slovak Republic
Pribinova 25
811 09 Bratislava
Slovak Republic

2.3. Time Zone

GMT+01/GMT+02 (with DST, which starts on the last Sunday in March and ends on the last Sunday in October)

2.4. Telephone Number

+421 2 2092 8786
+421 2 2092 8804
+421 948 941 602

2.5. Facsimile Number

N/A

2.6. Other Telecommunication

Not available at present.

2.7. Electronic Mail Address

Official e-mail address: info(at)csirt.sk
Address for incident reporting: incident(at)csirt.sk

2.8. Public Keys and Encryption Information

PGP/GnuPG is supported for secure communication.
CSIRT.SK PGP Key ID: 0x676CDFAB
CSIRT.SK PGP Key Fingerprint: DFB9 E47B 4304 CB18 AF97 E49D EC51 77D3 E4E1 1CE2
The current CSIRT.SK team-key can be found at http://www.csirt.gov.sk/doc/CSIRT.SK.asc and is also present on the public key-server https://keyserver.pgp.com/. Please use this key when you want or need to encrypt messages that you send to CSIRT.SK. When due, CSIRT.SK will sign messages using the same key. When due, please sign your messages using your own key; it helps when that key is verifiable using the public key-servers.

2.9. Team Members

No information is provided about the CSIRT.SK team members in public.

2.10. Other Information

General information about the CSIRT.SK, as well as links to various recommended security resources, can be found at http://www.csirt.gov.sk.
CSIRT.SK is accredited by the Trusted Introducer for CERTs in Europe, see https://www.trusted-introducer.org/directory/teams/csirtsk.html
CSIRT.SK is a member of FIRST.

2.11. Points of Customer Contact

Regular cases: the preferred method for contacting CSIRT.SK is via e-mail info(at)csirt.sk.

Regular response hours: from Monday to Friday, 08:00 – 16:00.

EMERGENCY cases: if it is not possible (or not advisable for security reasons) to use e-mail, CSIRT.SK can be reached at the following emergency telephone numbers:

+421 940 504 241
+421 940 504 227
+421 948 936 766

3. Charter
3.1. Mission Statement

The mission of CSIRT.SK is to increase the protection of information systems of the public administration.

Activities of CSIRT.SK are connected with security incident handling and with restoring the former state of information systems of the public administration in the Slovak Republic and of the related information and communication technologies. The core goals are:

response to the information security incidents in Slovakia in cooperation with the owners and providers of impacted parts of information systems of the public administration, telecommunication operators, ISPs and other public bodies (police, investigators, courts),
awareness raising in the field of information security,
cooperation with international counterparts and organizations and representation of Slovakia in the field of information security internationally.

3.2. Constituency

The CSIRT.SK provides services for the government as well as information systems in public administration in order to promote responses against IT security incidents. (Excluding military information.)

3.3. Sponsorship and/or Affiliation

CSIRT.SK is the governmental CSIRT of Slovakia, established as an independent division of the Ministry of Investments, Regional Development and Informatization of the Slovak Republic.

3.4. Authority

CSIRT.SK is a governmental CSIRT (Computer Security Incident and Response Team) of Slovakia established under the Act on Cyber Security No. 69/2018. The team coordinates security incidents on behalf of its constituency and has no authority reaching further than that. The team is, however, expected to make operational, non-obligatory recommendations in the course of its work. The implementation of such recommendations is not a responsibility of the team, but solely of those to whom the recommendations were made.

4. Policies

4.1. Types of Incidents and Level of Support

CSIRT.SK is authorized to address all types of computer security incidents which occur, or threaten to occur, in its constituency. The level of support given by CSIRT.SK will vary depending on the type and severity of the incident or issue, the type of constituent, the size of the user community affected, and CSIRT.SK’s resources at the time. Special attention will be given to issues affecting critical information infrastructure. No direct support will be given to end-users, as they are expected to contact their system administrators. CSIRT.SK is committed to keeping the constituency informed of potential vulnerabilities and existing threats and, where possible, will inform its constituents of such threats and vulnerabilities before they are actively exploited.

4.2. Co-operation, Interaction and Disclosure of Information

ALL incoming information is handled confidentially by CSIRT.SK, regardless of its priority. Information that is evidently sensitive in nature is only communicated and stored in a secure environment, if necessary using encryption technologies. When reporting an incident of sensitive nature, please state so explicitly, e.g. by using the label SENSITIVE in the subject field of e-mail, and if possible using encryption as well. CSIRT.SK supports the Information Sharing Traffic Light Protocol (ISTLP – see https://members.first.org/tlp/) – information that comes in with the tags WHITE, GREEN, AMBER or RED will be handled appropriately.

CSIRT.SK will use the information you provide to help solve security incidents, as all CERTs do. This means that by default the information will be distributed further to the appropriate parties, but only on a need-to-know basis, and preferably in an anonymous fashion. If you object to this default behavior of CSIRT.SK, please make explicit what CSIRT.SK can do with the information you provide. CSIRT.SK will adhere to your policy, but will also point out to you if that means that CSIRT.SK cannot act on the information provided.

CSIRT.SK does not report incidents to law enforcement, unless national law requires so. Likewise, CSIRT.SK only cooperates with law enforcement EITHER in the course of an official investigation – meaning that a court order is present – OR in the case where a constituent requests that CSIRT.SK cooperates in an investigation. When a court order is absent, CSIRT.SK will only provide information on a need-to-know basis.

4.3. Communication and Authentication

For communication which does not contain sensitive or classified information, normal methods like e-mail and fax will be used. For secure communication, the CSIRT.SK PGP key will be used for encryption and signing. In cases where there is doubt about the authenticity of information or its source, CSIRT.SK reserves the right to authenticate this by any (legal) means.

5. Services

5.1. Reactive Services

CSIRT.SK is responsible for the coordination of security incidents somehow involving their constituency (as defined in 3.2). CSIRT.SK is able to assist system administrators in handling the technical and organizational aspects of incidents. In particular, it provides assistance or advice with respect to the following aspects of incident management:

5.2. Preventive Activities

CSIRT.SK pro-actively advises their constituency in regard to recent vulnerabilities and trends in hacking/cracking.

  1. Education and raising awareness in the field of information security
  2. Training
  3. Cooperation with other CSIRT teams
  4. Monitoring and documentation of incidents
  5. Connecting to Unified information system of cybersecurity
  6. Providing information to Unified information system of cybersecurity
  7. Receiving and sending early warnings of incidents via Unified information system of cybersecurity
  8. Announcements about existing vulnerabilities
  9. Technology watch
  10. Configuration and infrastructure maintenance
  11. Infiltration detection
  12. Information dissemination
  13. Threats Monitoring in the field of ICT
  14. Education and raising awareness in the field of information security
  15. Information security consulting
  16. Information security audit
  17. Assistance with the development of new CSIRT teams

6. Incident Reporting Forms

If possible, please write an e-mail with a detailed description of the incident to incident(at)csirt.sk. Information on how to proceed is available at: https://www.csirt.gov.sk/hlasenia/nahlasenie-incidentu-861.html

7. Disclaimers

While every precaution will be taken in the preparation of information, notifications and alerts, CSIRT.SK assumes no responsibility for errors or omissions, or for damages resulting from the use of the information contained within.
