National Cyber and Information Security Agency

Description for the Government CERT of the Czech Republic

1. About this document

This document contains a description for the Government CERT of the Czech Republic according to RFC 2350. It provides basic information about the CERT, the ways it can be contacted, describes its responsibilities and the services offered.

1.1 Date of Last Update

This is version 12 of 2020/08/17.

1.2 Distribution List for Notifications

There is no distribution list for notifications. Any specific questions or remarks please address to the GovCERT.CZ mail address.

1.3 Locations where this Document May Be Found

The current version of this CERT description document is available from the NUKIB website - download here.

2. Contact Information

2.1 Name of the Team

GovCERT.CZ: Government CERT of the Czech Republic

2.2 Address

National Cyber Security Centre (Government CERT)
Mucednicka 1125/31
616 00, Brno
Czech Republic

2.3 Time Zone

CET, Central European Time (UTC+1, from the last Sunday in October to the last Saturday in March)

CEST, Central European Summer Time (UTC+2, from the last Sunday in March to the last Saturday in October)

2.4 Telephone Number

+420 541 110 777

+420 725 502 878 (outside of working hours)

2.5 Other Telecommunication

Not available

2.6 Electronic Mail Address

For the incident reports, please use the address cert.incident@nukib.cz.

For the non-incident related messages, please use the cert@nukib.cz.

2.7 Public Keys and Encryption Information

For the incident related communication, you can use this key:
pub 4096R/D2A1C881 2019-01-01
uid CERT Incident CZE (Reporting channel for NCSC CZE)
< cert.incident@nukib.cz >
key fingerprint = 3F29 12FE 999B 93D9 AB58 DC5C 43A1 3897 D2A1 C881

For the non-incident related communication, you can use this key:
pub 4096R/A57337A6 2019-01-01
uid Government CERT CZE (Communication channel with NCSC CZE)
< cert@nukib.cz >
key fingerprint = F60C 0622 EE75 52C9 7EE5 E9F8 4405 4AC1 A573 37A6

2.8 Team Members

The team leader and the Director of the GovCERT.CZ Department is Jakub Vesely. A full list of GovCERT.CZ team members is not publicly available. Team members will identify themselves to the reporting party with their full name in an official communication regarding an incident.

Management, liaison and supervision are provided by Tomas Krejci, the Deputy Director of National Cyber Security Centre Division, National Cyber and Information Security Agency.

2.9 Other Information

General information about the GovCERT.CZ can be found at nukib.gov.cz/en/

2.10 Points of Customer Contact

The preferred method for contacting GovCERT.CZ is via e-mail.

Incident reports and related issues should be sent to the address cert.incident@nukib.cz. This will create a ticket in our tracking system. In case of reporting incident outside of working hours also contact the person on duty at +420 725 502 878.

For general questions please send an e-mail to cert@nukib.cz.

If it is not possible (or not advisable for security reasons) to use e-mail, the GovCERT.CZ can be reached by telephone.

The GovCERT.CZ's hours of operation are generally restricted to regular business hours (07:45-16:30 Monday to Friday, except holidays).

3. Charter

3.1 Mission Statement

The Government CERT plays a key role in safeguarding the critical information infrastructure and the state bodies. Our goal is to help them to effectively face security challenges, react on the incidents, coordinate actions to solve them and effectively prevent them.

3.2 Constituency

Our constituency are public sector institutions and critical information infrastructure of the Czech Republic.

3.3 Sponsorship and/or Affiliation

GovCERT.CZ is part of the National Cyber Security Centre, National Cyber and Information Security Agency, Czech Republic.

3.4 Authority

The Government CERT operates under the auspices of, and with authority delegated by, the National Cyber Security Centre. The National Cyber Security Centre operates within the bounds of the Czech legislation.

The GovCERT.CZ expects to work cooperatively with system administrators and users at public sector institutions and at critical information infrastructure.

4. Policies

4.1 Types of Incidents and Level of Support

The GovCERT.CZ is authorized to address all types of computer security incidents which occur, or threaten to occur, in our constituency.

The level of support given by GovCERT.CZ will vary depending on the type and severity of the incident or issue, the type of constituent, the size of the user community affected, and GovCERT.CZ's resources at the time, though in all cases some response will be made within one working day. Special attention will be given to issues affecting critical information infrastructure.

Note that no direct support will be given to end users; they are expected to contact their system administrator, network administrator or their ISP for assistance. GovCERT.CZ will support the latter people.

GovCERT.CZ is committed to keeping its constituency informed of potential vulnerabilities, and where possible, will inform this community of such vulnerabilities before they are actively exploited.

4.2 Co-operation, Interaction and Disclosure of Information

All incoming information is handled confidentially by GovCERT.CZ, regardless of its priority. Information that is evidently very sensitive in nature is only communicated and stored in a secure environment, if necessary using encryption technologies.

GovCERT.CZ will use the information you provide to help solve security incidents. Information will only be distributed further to other teams and members on a need-to-know base, and preferably in an anonymized fashion. The GovCERT.CZ operates within the bounds of the Czech legislation.

4.3 Communication and Authentication

E-mails and telephones are considered sufficiently secure to be used even unencrypted for the transmission of low-sensitivity data. If it is necessary to send highly sensitive data by e-mail, PGP will be used.

If it is necessary to authenticate a person before communicating, this can be done either through existing webs of trust (e.g. TI, FIRST) or by other methods like call-back, mail-back or even face-to-face meeting if necessary.

5. Services

5.1 Incident Response

GovCERT.CZ will assist local administrators in handling the technical and organizational aspects of incidents. In particular, it will provide assistance or advice with respect to the following aspects of incident management:

5.1.1. Incident Triage

Determining whether an incident is authentic.
Determining the extent of the incident, and its priority.

5.1.2. Incident Coordination

Contact the involved parties to investigate the incident and take the appropriate steps.
Facilitate contact to other parties which can help resolve the incident.
Making reports to other CERT^® teams or CSIRTs if needed.
Communicate with stakeholders and media.

5.1.3. Incident Resolution

Providing advice to the local security teams on appropriate actions.
Follow up on the progress of the concerned local security teams.
Provide assistance in evidence collection and data interpretation.

In addition, GovCERT.CZ will collect statistics concerning incidents which occur within or involve its constituency, and will notify the community as necessary to assist it in protecting against known attacks.

5.2 Proactive Activities

GovCERT.CZ maintains the list of security contacts for every institution in its constituency. Those are available when necessary for solving security incidents or attacks.

GovCERT.CZ publishes announcements concerning serious security threats to prevent ICT related incidents or to prepare for such incidents and reduce the impact.

GovCERT.CZ is also processing IoCs¹ from available sources and in case of a positive finding ensures propagation of relevant information to the contact responsible for the affected system.

GovCERT.CZ also tries to raise security awareness in its constituency.

6. Incident Reporting Forms

The form is available here.

XML schema is available here (only in Czech).

7. Disclaimers

While every precaution will be taken in the preparation of information, notifications and alerts, GovCERT.CZ assumes no responsibility for errors or omissions, or for damages resulting from the use of the information contained within.

¹ Indicators of Compromise

News

NÚKIB Representatives Co-Organized a Cyber Security Exercise in Albania

On 3 April 2024, a cyber exercise was held in Tirana, Albania, which was designed as an interactive, non-technical tabletop exercise aimed at high-level decision-makers, including security and strategic communication experts. The National Cyber and Information Security Agency (NÚKIB) was represented by Irena Adler Pavelková and Miroslava Čavojská from the Exercise Unit, who were directly involved in the preparation of the exercise scenario, its presentation, and moderation of the discussion among the participants. The exercise was organized within the framework of the EU Cybersecurity Capacity Building in the Western Balkans, which the Estonian governmental organization e-Governance Academy led in cooperation with the Dutch non-profit organization CILC.

In collaboration with colleagues from the Albanian National Authority for Electronic Certification and Cyber Security (AKCESK), a scenario was prepared for participants from various government institutions and bank representatives, including the Bank of Albania. The scenario focused on the escalating cyber crisis in the banking sector and highlighted the multidimensional nature of cyber threats. One of the objectives of the simulation was to discuss Albania's new cybersecurity legislation and to focus on cooperation and crisis communication between the institutions involved. The cyber exercise was also attended by the Deputy Prime Minister of Albania, Bellinda Balluku, who expressed her support for the project while emphasizing the importance of cyber security and increasing the resilience of the whole society in cyberspace.

Celá zpráva 2024-04-09

RFC 2350 standard