CSIRT Description for SK-CERT, National CSIRT of the Slovak Republic
1. Document Information
This document provides formal description of the SK-CERT based on RFC2350.
1.1. Date of Last Update
This is version 1.2, published on April 1st, 2018
1.2. Distribution List for Notifications
There is no distribution list for notifications about changes in this document.
1.3. Locations where this Document May be Found
The current version of this CERT description document is available on the SK-CERT site; its URL is: https://www.sk-cert.sk/o-nas/rfc2350/. Please make sure you are using the latest version of this document.
1.4. Authenticating this Document
For validation purposes, a PGP signed ASCII version of this document is located at https://www.sk-cert.sk/wp-content/uploads/2017/12/RFC2350.txt. The key used for signing is the SK-CERT key as listed under 2.8.
2.1. Name of the Team
SK – CERT – Slovak Computer Emergency Response Team
SK-CERT Národný bezpečnostný úrad (National Security Authority)
851 06 Bratislava
2.3. Time Zone
GMT01 (GMT02 with DST which starts on the last Sunday in March and ends on the last Sunday in October)
2.4. Telephone Number
+421 2 6869 2858
+421 903 993 706
2.5. Fax Number
+421 2 6869 1700
2.6. Other Telecommunication
Not available at the present.
2.8. Public Keys and Encryption Information
PGP/GnuPG is supported for secure communication.
SK-CERT PGP Key ID: 0xCF7496BD1A1A0ACD
SK-CERT PGP Key Fingerprint: D66E 619A E83A 8802 51A6 5AC7 CF74 96BD 1A1A 0ACD
The current SK – CERT team – key can be found on this place. Please use this key when you want/need to encrypt messages that you send to SK-CERT . When due, SK-CERT will sign messages using the same key. When due, sign your messages using your own key please – it helps when that key is verifiable using the public key – servers.
2.9. Team Members
A complete list of SK-CERT members is not publicly available. If necessary, members of SK-CERT will identify themselves in particular situations, like incident reporting, response, coordination, support etc.
2.10. Other Information
General information about SK-CERT can be found at: https://www.sk-cert.sk
2.11. Points of Customer Contact
Regular cases: the preferred method for contacting SK-CERT is via e-mail sk-cert(at)nbu.gov.sk.
Regular response hours: 24/7 service.
EMERGENCY cases: if it is not possible (or not advisable for security reasons) to use an e-mail, the SK-CERT can be reached by emergency telephone number: +421 903 993 706.
3.1. Mission Statement
SK-CERT is the National CSIRT of the Slovak Republic. SK-CERT’s mission is to provide national-level CSIRT services, as well as distributing information and research. SK-CERT performs the following tasks:
- is a Point of Contact for constituents and other partners,
- maintains foreign relations and communicates with foreign partners, and with the global community of CERT/CSIRT teams, and with organizations supporting the community,
- cooperates with various entities across the country, such as organizations in critical infrastructure, security forces and organizations, ISPs, domain providers, content providers, banks and other financial institutions, academic community, public authorities and other important institutions,
- provides security services such as:
- proactive actions to prevent cyber security incidents, to prepare for such incidents and reduce the impact,
- coordination in case of cyber security incidents,
- education, tutoring and training.
SK-CERT also handles incidents that originate in networks of Slovak Republic and are reported to the team by any person or institution.
The SK-CERT team constituency is located in cyberspace of Slovak Republic. SK-CERT is a national CSIRT, meaning that it provides services to all users and networks in:
- Internet public ASN and IP addresses located/originated and/or operating in Slovak Republic,
- Domains under .sk top level domain,
- Domains under top level domains other than .sk which are in use or maintained by Slovak entities,
- Parts of critical infrastructure not under oversight of other designated CSIRT.
SK-CERT is capable of forwarding requests to sectorial CSIRTs.
3.3. Sponsorship and/or Affiliation
SK-CERT is a national CSIRT of Slovakia and it was established as a department of National Security Authority of the Slovak Republic.
The main authority of SK-CERT is coordinate and support incident response for their constituency
4.1. Types of Incidents and Level of Support
SK-CERT provides services in incident handling for their constituency and a level of support depending on type and severity of particular incident. Modus of incident handling and response also depends on actual personal and technical resources and condition of SK-CERT.
4.2. Co-operation, Interaction and Disclosure of Information
SK-CERT actively cooperates with other home and foreign CSIRTs. SK-CERT exchanges all necessary information with constituents, partners and other CSIRTs. Incident handling and information sharing is done based on priority and sensitivity, within boundaries of established law and restrictions in Data Protection law. Encryption is used when dealing with sensitive data and information. SK-CERT supports the Information Sharing Traffic Light Protocol (ISTLP) – information that comes with the tags WHITE, GREEN, AMBER or RED will be handled appropriately.
4.3. Communication and Authentication
For regular communication (not containing sensitive information) SK-CERT uses unencrypted e-mail or phone. For secure communication PGP encrypted communication is used.
5.1 Incident response
Incident response by SK-CERT is based on cooperation and support to handling computer security incident, distribute all important information to constituents and partners and provide all necessary steps to reduce the impact of incident. In incident response SK-CERT respect these aspects:
5.1.1. Incident Triage
- Investigating whether indeed an incident is authentic,
- Investigating whether an incident is still relevant,
- Determining the extent of the incident,
- Prioritizing the incident.
5.1.2. Incident Coordination
- Determining the initial cause of the incident,
- Determining the involved organizations and maintaining contact with them,
- Investigating the incident and take the appropriate steps in cooperation with involved organizations,
- Facilitating contact to other parties which can help resolve the incident,
- Facilitating contact with other sites which may be involved,
- Facilitating contact with appropriate law enforcement officials, media if necessary.
5.1.3. Incident Resolution
- Collecting the evidence of the incident,
- Sharing all important information with constituents and partners.
SK-CERT will give advice, can established cooperation and communication between involved parties, but no physical support. SK-CERT also collects statistics about reported incidents and their solving.
5.2. Proactive Activities
SK-CERT is performing steps in proactive services, mainly in the form of preventive measures. That includes:
- Announcements about existing vulnerabilities, hacking methods and malware types,
- Technology watch,
- Configuration and infrastructure maintenance,
- Infiltration detection,
- Information dissemination,
- Threats Monitoring in cyberspace (included Internet, networks, IoT),
- Education and awareness raising in the field of information security,
- Assistance by new CSIRT/CERT development at the national level.
6. Incident Reporting Forms
If possible, please use the Incident Reporting Form available at https://sk-cert.sk. Otherwise write an e-mail with detailed description of the incident to sk-cert(at)nbu.gov.sk.
While every precaution will be taken in the preparation of information, notifications and alerts, SK-CERT assumes no responsibility for errors or omissions, or for damages resulting from the use of the information contained within.