Government-CERT (GovCERT) – the CERT of the public sector administration
GovCERT as a central, operational facility for cyber security
As a central, operational facility for cyber security, the GovCERT supports the target groups public sector administration and critical infrastructures through operational and technical know-how and the provision of a national and international network to exchange experiences and information. In addition, it is established as a strategic, national point-of-contact (POC) for international CERT partnerships. The GovCERT also promotes the development of industry-specific CERTs.
The area of critical infrastructures belongs to the target group of the GovCERT only if the latter does not have any industry CERT of its own. It is the explicit goal of the GovCERT to promote the establishment of CERTs in all sectors.
Structure of the GovCERT
The structure and the range of services of the GovCERT are oriented to international recommendations that have been supplemented by specific enhancements from their own environment of experience.
The Federal Chancellery operates the functionality of a GovCERT and draws on the operational and technical resources of nic.at. The following circumstances are to be taken into account:
- The GovCERT consists of employees of the Federal Chancellery and/or of nic.at.
- The Federal Chancellery, and here in particular the ICT strategy of the federal government, has the responsibility and the overall management for the tasks of the GovCERT as the operator of the GovCERT.
- As a result of the cooperation agreement, the technical and operational implementation of the tasks lies with nic.at.
Tasks of the GovCERT
The GovCERT carries out the following tasks in particular:
- Information hub for the operational area cyber security of the defined target groups
- Coordination of incidents from the operational NIS operation of the GovCERT target groups
- CERT Single Point-of-Contact for operational, national and international networking and collaboration
- Pooling of the sector-specific safety technology expertise for the area of public sector administration
- Taking of preventive measures
- Support service on site
- Collection and evaluation of security incidents
- Participation in the operational coordination structure
- Support of the cyber strategy development
The GovCERT has superb contacts at national, European and international level. It is a member of the Austrian CERT network and of the European Government CERT Group. This group is currently deemed to be the world’s most efficient association in combating cyber threats. Further details on the activities of the Austrian GovCERT can be found in the annually published security report.
CERT.at – the national CERT
The national CERT in Austria was started in 2008 in cooperation with the Federal Chancellery and nic.at, the Austrian domain registry. CERT.at represents Austria in the “Forum of Incident Response and Security Teams” (FIRST) and in the “Trusted Introducer” (TI) service. Reports on security incidents in daily operations are received by CERT.at, which can be reached on working days between 8 am and 6 pm.
The most important task of the national CERT is to be visible as the first point of contact for all IT security concerns relating to Austria. The task is primarily one of coordination. CERT.at does not guarantee the solution to a specific problem, as it has no authority to issue directives and no other powers over operators, but it does ensure that important information is forwarded in a suitable form. A comprehensive network of contacts, e.g. to relevant operators of IT systems, is necessary in order to provide the information quickly to the right organisations when required.
With the Austrian Trust Circles, which were set up by CERT.at and the Federal Chancellery, a first specific step has been taken to network security experts of the different sectors in order to have the right contacts available in specific cases.
The CERT.at services are diverse and varied, and always deal with current security threats on the Internet. For this purpose, CERT.at relies heavily on collaboration and coordination with international CERTs. It also relies on specifically developed sensor technology with which the Austrian Internet is proactively searched for potential and actual threats. In the event of specific threats, it is CERT.at that publishes corresponding warnings and issues suggestions or guidelines on correcting the security problem.
The CERT team primarily becomes active when events so require. This can be triggered by an alert or notification from partner organisations, or happen on the team's own initiative. CERT.at processes all incoming reports about security-relevant events and decides on the next steps according to the event in question. An acute intervention consists of forwarding appropriate information directly to the respective Internet Service Providers (ISPs) or domain owners. In the process, instructions for action are provided and information is shared on how threats can best be eliminated. Here, CERT.at primarily has an advisory and supporting role; the actual elimination of the problem can only be done by the persons concerned themselves. The range of tasks is rounded off by project-related work, such as within the framework of developing an Austrian cyber security strategy.
Contact: Security warnings can be subscribed to on www.cert.at; CERT.at also accepts reports and requests by mail at email@example.com, or by telephone on +43 505 64 16 78 from Monday to Friday between 8 am and 6 pm. The customer group “public administration and critical infrastructure” can also contact firstname.lastname@example.org by mail.