RFC2350
1 Document Information
This document describes SI-CERT in accordance with RFC 2350.
1.1 Date of Last Update
Version 3.3, published on 6 September 2023.
1.2 Distribution List for Notifications
Changes to this document are not distributed by a mailing list.
1.3 Locations where this Document May Be Found
The document is located at the following address:
https://cert.si/o-nas/rfc2350/
The latest version is available also upon request to cert@cert.si via electronic mail.
2 Contact Information
2.1 Name of the Team
SI-CERT: Slovenian Computer Emergency Response Team (English name)
SI-CERT: Nacionalni odzivni center za kibernetsko varnost (Slovenian name)
2.2 Address
SI-CERT
ARNES, Tehnološki park 18
SI-1000 Ljubljana
Slovenia
2.3 Time Zone
- CET, Central European Time
(UTC+1, between last Sunday in October and last Sunday in March) - CEST (also CET DST), Central European Summer Time
(UTC+2, between last Sunday in March and last Sunday in October)
2.4 Telephone Number
+386 1 479 88 22
2.5 Other Telecommunication
None.
2.6 Electronic Mail Address
SI-CERT uses different e-mail addresses for different purposes:
- cert@cert.si for incident reports,
- press@cert.si for media queries and questions,
- info@cert.si for all other queries.
2.7 Public Keys and Encryption Information
SI-CERT uses PGP for digital signatures and to receive encrypted information. The key is available on PGP/GPG keyservers and at http://www.cert.si/fileadmin/dokumenti/si-cert/si-cert-pgp.asc. Information about the key:
pub 1024D/7231E551 2010-03-16
Key fingerprint = 9FBE 795D C4A8 0D60 9568 32FA A9F9 8661 7231 E551
uid SI-CERT <si-cert@arnes.si>
uid SI-CERT <cert@cert.si>
uid SI-CERT <info@cert.si>
2.8 Team Members
Gorazd Božič is the Team Manager of SI-CERT. A full list of other members of SI-CERT is not publicly available. Team members will identify themselves to the reporting party with their full name in an official communication regarding an incident.
2.9 Other Information
General information about SI-CERT in English language is available at https://cert.si/en/. Information in Slovenian language including SI-CERT news and bulletins is available at https://cert.si/. Information related to awareness-raising activities is located at https://varninainternetu.si.
2.10 Points of Customer Contact
The preferred method of contacting SI-CERT is via e-mail at the following addresses:
- cert@cert.si for incident reports,
- press@cert.si for media queries and questions,
- info@cert.si for all other queries.
Office hours for SI-CERT are between 8:00 and 16:00 on working days. During office hours, SI-CERT staff is available via e-mail. Outside office hours team member on duty regularly checks for reports directed to the mentioned e-mail addresses.
3 Charter
3.1 Mission Statement
SI-CERT offers assistance in computer and network security incident handling and provides incident coordination functions for all incidents involving systems and networks located in Slovenia, with the exception of government networks (see 3.2 Constituency). In various ways SI-CERT helps raising awareness on issues of network and information security and provides advisories and alerts to the general public.
3.2 Constituency
SI-CERT is the Slovenian national CSIRT as defined in Article 28 of the Information Security Act. Its constituency includes all operators of essential services (OES) and digital service providers (DSP) as defined in the NIS Directive. All OES and DSP are required to report incidents above a certain threshold. The constituency is extended networks and users located in Slovenia with voluntary reporting of incidents. SI-CERT constituency does not include government networks and systems which have to be reported to SIGOV-CERT, the Slovenian government CSIRT.
According to the Article 118 of the Electronic Communications Act (ZEKom-2) operators must, immediately upon detection, notify the Agency (independent regulatory authority) and the SI-CERT of any breach of security or integrity that has had a significant impact on the operation of public communications networks or the provision of public communications services.
Additionally, in accordance with the Article 23 of Personal Data Protection Act (ZVOP-2) for specified information systems the provisions on security requirements and incident reporting laid down in the Information Security Act shall also apply.
3.3 Sponsorship and/or Affiliation
SI-CERT operates within the Academic and Research Network of Slovenia (ARNES), a not-for-profit public institution. All activities of SI-CERT are funded by the Government Information Security Office.
3.4 Authority
SI-CERT is the national CSIRT of Slovenia, a response centre for handling incidents in electronic network and information security in accordance with the Article 28 of the Information Security Act.
SI-CERT operates within ARNES (Academic and Research Network of Slovenia) within the Sector of National Internet Infrastructure. SI-CERT strives to maintain active cooperation and partnerships with all Slovenian ISPs, law-enforcement bodies and other stakeholders in the field of network and information security.
4 Policies
4.1 Types of Incidents and Level of Support
SI-CERT handles various types of security incidents that occur on network equipment or are performed using IP-based networks located in Slovenia. The level of support depends on the type of the incident and the severity as determined by SI-CERT staff. Incident handling for reports based on mandatory reporting as defined in Information Security Act takes precedence over voluntary reporting which is done on a best-effort basis.
4.2 Co-operation, Interaction and Disclosure of Information
SI-CERT treats all information included in the correspondence as confidential. Information will only be disclosed to other parties involved in the investigation of the reported incident. In such events any identifiable information that is not crucial to the investigation by the party involved will be anonymised.
SI-CERT discloses information to other bodies only in accordance with applicable Slovenian legislation when presented with a court order or as is needed in accordance with Information Security Act.
4.3 Communication and Authentication
The preferred method of communication is via e-mail. When the content is deemed sensitive enough or requires authentication, SI-CERT PGP key is used for signing e-mail messages. All sensitive communication to SI-CERT should be encrypted by the team’s PGP key. Alternative methods can be agreed on over the phone.
5 Services
5.1 Incident Response
SI-CERT will assist anyone within the constituency in handling the technical and organizational aspects of incidents. In particular, it will provide assistance or advice with respect to the following aspects of incident management:
5.1.1. Incident Triage
- Investigating whether indeed an incident occured.
- Determining the extent of the incident.
5.1.2. Incident Coordination
- Determining the initial cause of the incident.
- Facilitating contact with other sites which may be involved.
- Making reports to other CSIRTs.
- Composing announcements to users, when applicable.
5.1.3. Incident Resolution
- Providing advice to the reporting party that will help removing the vulnerabilities that caused the incident and securing the systems from the effects of the incidents.
- Evaluating which actions are most suitable to provide desired results regarding the incident resolution.
- Provide assistance in evidence collection and data interpretation when needed.
5.2 Proactive Activities
- Awareness-raising program “Safe on the internet” (Varni na internetu)
SI-CERT is running the national awareness-raising program targeted at individual internet users and SMEs. Goals of the program are to provide efficient methods for risk identification and mitigation and to raise awareness via national campaigns. - Information services
SI-CERT publishes advisories for events and incidents that are considered of special importance to users in the constituency. Information is disseminated via various communication channels (web, mailing lists, RSS feeds, Twitter and LinkedIn Page) and PR activities. - Training services
SI-CERT members give periodic lectures, seminars and workshops on network and information security topics.
6 Incident Reporting Forms
Reports are normally sent to the e-mail address cert@cert.si, but can also be reported via the on-line form located at:
https://www.varninainternetu.si/prevare/ (in Slovenian language only).
7. Disclaimers
While every precaution will be taken in the preparation of information, notifications and alerts, SI-CERT assumes no responsibility for errors or omissions, or for damages resulting from the use of the information contained within.