The National Cybersecurity Centre (NCKB) and its GovCERT.CZ team offer the following services that could help your organization assure cybersecurity:

Coordination and Aid in Resolving Incidents

Resolving security incidents is among the government team’s main activities. When reporting such an event, the team’s experts are prepared to technically aid your specialists and provide advice for further preventive measures. If it’s discovered that an incident targeted multiple entities, the team is prepared to coordinate a common approach to its resolution.

The GovCERT.CZ team provides network data and log analyses as part of resolving an incident with the goal of identifying the method and effects of the incident. It also offers consultations to obligated entities whether there was an incident and not just an event by analysing the corresponding data.

In light of the extensive cooperation established across various institutions, contacts can be provided for Czech security teams as well as foreign partners to resolve incidents that cross borders.

Detection System Project

As part of the created and expanded detection system, GovCERT.CZ processes cybersecurity events and metadata from network operation in the form of flow records from the perimeter of connected organizations. The goal of the project is to detect global problems that have multiple targets among organizations that must participate in the project. Blacklists and signatures that are published are then feedback for the participating partners. Finally, it provides early warnings about attacks that we detect at other organizations that could affect you as well.

Implementing Honeypots

Honeypots detect unauthorized attempts to access various systems and monitor the behaviour of attackers and their vectors on the basis of known vulnerabilities. Network traps can be installed on IP addresses defined by you to implement this type of monitoring. If you agree to cooperate with the government team in this area, you can participate in the significant sharing of information that comes from these honeypots. The GovCERT.CZ team can also prepare a virtual device with honeypots that can be installed in a partner network. This virtual device can be added to the target organization’s infrastructure as needed.

Penetration Testing

Penetration tests are a form of preventive measures. It is a legal attempt to access the tested systems based on a valid contract. The result is a report about the tested entity’s security gaps that is meant solely for its owner that uses the report to implement the appropriate security measures. All questions about the service can be directed to pentest@nukib.cz.

Internal Tests

Internal tests simulate an attack from inside the organization’s network. It could be a dissatisfied employee or attacker that has physical or remote access to the organization’s network infrastructure. Simulating this attack has the potential for the greatest effect because the attacker has access to the internal network from the beginning.

Internal tests evaluate the security of the internal network and the vulnerabilities discovered within, as well as test security measures that protect resources, services, and data from unauthorized access or abuse by internal network users such as partners and suppliers. Providing this service requires a valid contract.

External Tests

External tests simulate attacks from external networks. The attacker is not familiar with the organization’s network infrastructure and only has information that is freely available. External testing targets services that face the internet such as websites, web applications, email, DNS servers, and various other services. The primary goal is to discover the largest number of significant vulnerabilities that could lead to penetration and unauthorized access to the internal network, thus acquiring the organization’s valuable data. Providing this service requires a valid contract.

Constant Vulnerability Scanning

The GovCERT.CZ team offers participation in the Constant Vulnerability Scanning project. Participating entities are monitored over time to discover the presence of the most well-known vulnerabilities, specifically employing automated scanning tools. If a vulnerability is discovered, the participating entity is notified. The Constant Vulnerability Scanning project is currently meant for entities regulated by the Cybersecurity Law, unregulated public administration bodies, and other entities according to the GovCERT.CZ team’s capacities. Providing this service requires a valid contract.

Vulnerable Service Detection

The GovCERT.CZ team detects potentially vulnerable services by scanning ports and detecting service versions using the banner grabbing method. The program can be joined by submitting the IP range to be scanned.

Other Specialized Tests

Other specific tests not listed that are related to testing system security can also be provided.

A Forensic Laboratory

In reaction to ongoing or past security incidents, the experts from the GovCERT.CZ team can perform a forensic analysis of the attacked systems and the uncovered malignant code. If devices at your institutions have been compromised for any reason, or you have a reasonable suspicion they could have been compromised, this event can be technically investigated in our forensic laboratory. The results of this analysis include recommendations for system administrators that can help avoid future incidents and to detect them early to minimize the effects on the given institution.

Securing Data

This service includes consultations and providing support to collect data needed for analysis. This often means copying disks, memory imaging, and log extraction. If you cannot procure the data yourselves or with the help of your vendors, one of our technicians can do so. Entire systems can also be analysed, as well as malignant attachments to fraudulent e-mails (e.g. phishing/spear-phishing).

Analysis Procedures and Results

After reception of the data, our organization analyses the progress of the incident and then creates a final report that includes the documented method of analysis. The time needed for the analysis depends on the amount and quality of data provided.

This service is primarily designed for entities subject to the Cybersecurity Law. Other organizations not subject to this law can also be aided in this way provided the Agency’s leadership agrees.

The Cybersecurity of Operational Technologies

The GovCERT.CZ team focuses on this specific area of cybersecurity in light of the growing number of cyber threats in the world of operational technologies. The main task of specialists in the GovCERT.CZ team is to react to and resolve cybersecurity incidents in industrial environments. Its pro-active activities include identifying cyber threats to industrial technologies, developing a laboratory testing environment, and offering operational technology cybersecurity courses.

Educational and Research Activities

Why and How to Start Penetration Tests

This course is for cybersecurity managers, heads of IT departments, and administrators. It is a lecture with practical demonstrations that offers an overview of various forms of penetration tests and their effects. Participants will also learn about the typical procedures in penetration tests, from setting the test range, signing contracts, and scanning vulnerabilities to abuse and controlling the most important infrastructure elements (). In last part of the lecture, we will familiarize participants with tests/services that our penetration test unit offers. The participants will learn why penetration tests should be regularly performed; what can be discovered during tests; and what they can prevent. Participants will also have an overview of different types of penetration tests and will be able to evaluate which tests are needed, their extent, and which situations demand them.

OT Cybersecurity Course

This one-day course in industrial cybersecurity is meant for non-IT employees so they understand cybersecurity threats in industrial technologies; increase their awareness about current cybersecurity problems; the differences between IT/OT environments; general cybersecurity fundamentals; and the specifics of cybersecurity in industry. The course is concluded with a demonstration of a cybersecurity attack on industrial network elements.

Network Forensic Analysis Course

This course focuses on processing network data in the form of a PCAP capture using wireshark and moloch tools. The goal is to present network forensic analysis principles and use one of the listed tools to analyse network data.

Network Security Course

This course focuses on network infrastructure elements and their benefits to network security. Various technologies such as firewall, network probes, IDS/IPS solutions, etc. are presented, as are the associated best-practise implementations and what do.

If you are interested in any of the above-listed services, do not hesitate to contact us.