Update (almost pointless) on CERT-RO
4 June 2011
Yesterday I told you (text here) that I could not find the Government Decision on the establishment of the National Cyber Security Incident Response Centre – CERT-RO. Thanks to the kindness of @mozartrocksro (many thanks!), I can now give you the reference: Government Decision 494 of 11 May 2011 on the establishment of the National Cyber Security Incident Response Centre – CERT-RO, published in Monitorul Oficial 388 of 2 June 2011. You can find the document here.
As I anticipated, the Decision has several problems. One by one:
- Art. 1 paragraph (4), which states that CERT has no competence over infrastructure connected with classified information. It could not be less clear: claiming to set up a national point of contact for critical cyber infrastructure while excluding from the outset an unknown share of that infrastructure, just because the Decision says so, is unprofessional.
- Furthermore, under Art. 3 paragraph (2) CERT merely cooperates with the defence, public order and national security sector, but we are not told who coordinates them. Another big FAT ZERO in the document.
- Another unpleasant surprise: although under Art. 1 paragraph (4) CERT has nothing to do with classified information, and under Art. 3 paragraph (2) has no competence in the sphere of defence, public order and national security, our "experts" who drafted the document (I can guess who they are, but I am embarrassed on their behalf) serenely provided in Art. 12 paragraph (7) that the Coordination Committee includes MApN, MI, SRI, SIE, SPP ?!?!?! Another big FAT ZERO.
I will stop here with the observations; unfortunately the number of problems with this document is far greater, say multiplied by 10. As a well-paid consultant would say, heheeeeheee, let's have another coffee and see.
My overall impression is that the effort reflects institutional parochialism (a crass lack of security culture), amateurism and a lack of vision at the decision-maker level, and a lack of responsible attitude and self-respect at the expert level. The divergences between various entities are also clearly visible, as are possible pecuniary interests that take precedence over other priorities.
I was curious to see examples from other countries. I chose Poland. You can find their coordination structure here. There I used Google Translate and found the following information:
Full description of the team (in English) in accordance with RFC 2350 "Expectations for Computer Security Incident Response" is located here. The document is PGP-signed by the team.
The document with the description from that link is below. In essence it says that at the governmental level, coordination of everyone is handled by: Members of CERT.GOV.PL are officers of the Information Security Department of the Polish Internal Security Agency
The full document:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
CSIRT Description for CERT.GOV.PL
- ---------------------------------
1. About this document
This document contains a description of CERT.GOV.PL according to RFC 2350.
It provides basic information about the team, the ways it can be contacted,
describes its responsibilities and the services offered.
1.1 Date of Last Update
This is version 1.0, published 2008/10/15.
1.2 Distribution List for Notifications
Currently CERT.GOV.PL does not use any distribution list
to notify about changes to this document.
1.3 Locations where this Document May Be Found
The current version of this CSIRT description document is
available from the CERT.GOV.PL WWW site;
Its URL is http://cert.gov.pl/images/stories/form/RFC2350_CERT.GOV.PL_1.0.txt
1.4 Authenticating this Document
This document has been signed with the CERT.GOV.PL PGP key.
The signature is also on our web site, under:
http://cert.gov.pl/images/stories/form/RFC2350_CERT.GOV.PL_1.0.txt.asc
2. Contact Information
2.1 Name of the Team
"CERT.GOV.PL": The Governmental Computer Security Incident Response
Team of Poland.
2.2 Address
CERT.GOV.PL
DBTI ABW
ul. Rakowiecka 2a
00-993 Warszawa
2.3 Time Zone
CET - Central European Time (GMT+0100, GMT+0200 during day-light saving time)
2.4 Telephone Numbers
+48 22 5858850
+48 22 5858814
+48 22 5858844
2.5 Facsimile Number
+48 22 5858833 (this is *NOT* a secure fax)
2.6 Other Telecommunication
none available
2.7 Electronic Mail Address
Please send incident reports to <cert(at)cert.gov.pl>
2.8 Public Keys and Other Encryption Information
CERT.GOV.PL public PGP key information
* User ID: CERT GOV PL <cert@cert.gov.pl>
* Key ID: 0xEFC3F79D
* Key size: 2048
* Key type: RSA
* Expiration date: Never
* Fingerprint: 9D676793DCCF4283C7B4A349FED9BEDCEFC3F79D
* <CERT.GOV.PL public key>
The key and its signatures can also be found at the usual large
public keyservers.
2.9 Team Members
Members of CERT.GOV.PL are officers of the Information Security
Department of the Polish Internal Security Agency
2.10 Other Information
Additional information about the CERT.GOV.PL can be found at
http://www.cert.gov.pl
2.11 Points of Customer Contact
The preferred method for contacting the CERT.GOV.PL is via
e-mail at <cert(at)cert.gov.pl>; We encourage our customers to use
PGP encryption when sending any sensitive information to CERT.GOV.PL.
If it is not possible (or not advisable for security reasons)
to use e-mail, the CERT.GOV.PL can be reached by telephone during
regular office hours (07:30-16:00 Monday to Friday).
If possible, when submitting your report, use the form mentioned in section 6.
3. Charter
3.1 Mission Statement
The purpose of the CERT.GOV.PL is to provide the capability to deal
with computer security incidents in Polish Public Administration networks
and assist constituency in implementing proactive measures
to reduce the risks of computer security incidents.
3.2 Constituency
The CERT.GOV.PL constituency is all hosts in the .gov.pl domain, as well as
other hosts belonging to the Polish national critical IT infrastructure.
3.3 Sponsorship and/or Affiliation
The CERT.GOV.PL is part of Information Security Department of
Polish Internal Security Agency and is sponsored by Polish Government.
3.4 Authority
The CERT.GOV.PL operates under the auspices of, and with authority
delegated by, the Information Security Department of
the Polish Internal Security Agency.
The CERT.GOV.PL expects to work cooperatively with system
administrators and users of Polish Public Administration institutions.
CERT.GOV.PL is interested in close cooperation with any other CSIRTs,
establishing direct contacts and exchanging necessary data in order to
fulfill its mission.
4. Policies
4.1 Types of Incidents and Level of Support
The CERT.GOV.PL is authorized to address all types of computer
security incidents which occur, or threaten to occur in Polish Public Administration
(.gov.pl) and national critical IT infrastructure networks
The level of support given by CERT.GOV.PL will vary depending on
the type and severity of the incident or issue, the type of
constituent, the size of the user community affected, and the
CERT.GOV.PL's resources at the time, though in all cases some
response will be made within one business day.
Incidents will be prioritized according to their apparent severity and extent.
End users are expected to contact their systems administrator,
network administrator, or department head for assistance.
CERT.GOV.PL will give full support to the letter people.
In most cases only limited support can be given directly to end users.
4.2 Co-operation, Interaction and Disclosure of Information
CERT.GOV.PL exchanges all necessary information with other CSIRTs as well as
with affected parties' administrators. No personal nor overhead data are
exchanged unless explicitly authorized.
All sensible data (such as personal data, system configurations,
known vulnerabilities with their locations) are encrypted if they must be
transmitted over unsecured environment as stated below.
4.3 Communication and Authentication
For normal communication not containing sensitive information CERT.GOV.PL
will use conventional methods like an unencrypted e-mail or fax transmission.
For secure communication PGP-Encrypted e-mail or telephone will be used.
If it is necessary to authenticate a person before communicating,
this can be done either through existing webs of trust (e.g. FIRST)
or by other methods like call-back or even face-to-face meeting if necessary.
5. Services
5.1 Incident Response
CERT.GOV.PL will assist system administrators in handling the
technical and organizational aspects of incidents. In
particular, it will provide assistance or advice with respect
to the following aspects of incident management:
5.1.1 Incident Triage
- Investigating whether indeed an incident occurred.
- Assessing and prioritizing the incident.
5.1.2 Incident Coordination
- Determining the involved organizations.
- Contacting the involved organizations to investigate the incident and take the appropriate steps.
- Facilitating contact to other parties which can help resolve the incident.
- Sending reports to other CSIRTs.
5.1.3 Incident Resolution
- Advising local administrators on appropriate actions.
- Collecting the evidence of the incident (if requested).
CERT.GOV.PL is also collecting statistics about incidents within its constituency.
5.2 Proactive Activities
- publishing announcements concerning security threats.
- raising security awareness in its constituency.
- using security scanners to detect vulnerable systems and/or services.
- coordinating trainings for its constituency
6. Incident Reporting Forms
CERT.GOV.PL had created a local form designated for
reporting incidents to the team. We strongly encourage anyone reporting
an incident to fill it out, although this is never required.
The current version of the form is available from:
http://cert.gov.pl/images/stories/form/formularz.doc
Note: This form is only available in Polish.
7. Disclaimers
While every precaution will be taken in the preparation of
information, notifications and alerts, CERT.GOV.PL assumes no
responsibility for errors or omissions, or for damages
resulting from the use of the information contained within.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
iD8DBQFJCBQR/tm+3O/D950RApNvAJ0dbLc3dkepUr5WEoZBd1GOP9kQ4wCeL2L6
0rpdwtQcRQNwbgDqoPXtWio=
=4ZHK
-----END PGP SIGNATURE-----
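Two details of the document above are worth a closer look from a reader who wants to rely on it. First, it is a PGP clearsigned message (RFC 4880 section 7): the line "- ---------------------------------" under the title is not a typo but dash-escaping, which the signing software applies to any signed line that begins with a dash so it cannot be mistaken for an armor marker. Second, section 2.8 publishes both a short Key ID (0xEFC3F79D) and a full fingerprint; for an OpenPGP v4 key the Key ID is simply the low-order 32 or 64 bits of the fingerprint, so the two can be checked against each other before you go looking for the key on a keyserver. The script below is an added example (my own code, not the blog's and not CERT.GOV.PL's tooling): it splits a clearsigned message into hash header, dash-unescaped body and armored signature, extracts the section 2.8 key fields, and checks that the Key ID is consistent with the fingerprint. It does not verify the signature itself; for that, import the key whose fingerprint matches section 2.8 and run `gpg --verify` on the `.txt.asc` file named in section 1.4. The embedded sample is a constructed, abridged copy of the quoted document with the blank lines that the blog's copy lost restored; the parser tolerates their absence.

```python
"""Parse a PGP clearsigned RFC 2350 CSIRT description and sanity-check its key block.

Added example, not part of the original post or of CERT.GOV.PL's own tooling.
Structural checks only: cryptographic verification is left to `gpg --verify`.
"""
import re

# Constructed sample: an abridged copy of the clearsigned document quoted on the
# page. The key details are the ones it publishes in section 2.8.
SAMPLE = """-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

CSIRT Description for CERT.GOV.PL
- ---------------------------------
2.8 Public Keys and Other Encryption Information
* User ID: CERT GOV PL <cert@cert.gov.pl>
* Key ID: 0xEFC3F79D
* Key size: 2048
* Key type: RSA
* Fingerprint: 9D676793DCCF4283C7B4A349FED9BEDCEFC3F79D
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)

iD8DBQFJCBQR/tm+3O/D950RApNvAJ0dbLc3dkepUr5WEoZBd1GOP9kQ4wCeL2L6
0rpdwtQcRQNwbgDqoPXtWio=
=4ZHK
-----END PGP SIGNATURE-----
"""


def dash_unescape(line: str) -> str:
    """Undo RFC 4880 s7.1 dash-escaping: a signed line that starts with '-' is
    transmitted as '- ' + line so it cannot be confused with an armor marker."""
    return line[2:] if line.startswith("- ") else line


def split_clearsigned(text: str) -> dict:
    """Split a clearsigned message into its Hash header(s), the signed text
    (dash-escaping removed) and the armored signature block (inclusive)."""
    lines = text.splitlines()
    try:
        start = lines.index("-----BEGIN PGP SIGNED MESSAGE-----")
        sig_start = lines.index("-----BEGIN PGP SIGNATURE-----")
        sig_end = lines.index("-----END PGP SIGNATURE-----")
    except ValueError as exc:
        raise ValueError("not a complete clearsigned message") from exc
    hashes, i = [], start + 1
    # Armor headers end at the first blank line; copies pasted into a web page
    # (like the one quoted above) often lose that blank line, so also stop at
    # the first line that is not a "Hash:" header.
    while i < sig_start and lines[i].strip():
        m = re.fullmatch(r"Hash:\s*(\S+)", lines[i])
        if not m:
            break
        hashes.append(m.group(1))
        i += 1
    if i < sig_start and not lines[i].strip():
        i += 1  # skip the blank separator when it survived
    body = [dash_unescape(ln) for ln in lines[i:sig_start]]
    return {"hashes": hashes, "body": body, "signature": lines[sig_start:sig_end + 1]}


def parse_key_block(body: list) -> dict:
    """Collect the '* Field: value' lines used in RFC 2350 section 2.8."""
    fields = {}
    for line in body:
        m = re.fullmatch(r"\*\s*([^:]+):\s*(.*)", line.strip())
        if m:
            fields[m.group(1).strip()] = m.group(2).strip()
    return fields


def key_id_matches_fingerprint(fields: dict) -> bool:
    """For OpenPGP v4 keys the Key ID is the low-order part of the fingerprint:
    a short (32-bit) ID must equal its last 8 hex digits, a long (64-bit) ID the last 16."""
    fp = fields.get("Fingerprint", "").replace(" ", "").upper()
    kid = fields.get("Key ID", "").upper()
    kid = kid[2:] if kid.startswith("0X") else kid
    if not re.fullmatch(r"[0-9A-F]{40}", fp) or len(kid) not in (8, 16):
        return False
    return fp.endswith(kid)


def check_document(text: str) -> dict:
    """Run the structural checks and return them as a dict for inspection."""
    parts = split_clearsigned(text)
    fields = parse_key_block(parts["body"])
    return {
        "hashes": parts["hashes"],
        "title_underline": parts["body"][1] if len(parts["body"]) > 1 else "",
        "key_id_consistent": key_id_matches_fingerprint(fields),
        "signature_lines": len(parts["signature"]),
        "fields": fields,
    }


if __name__ == "__main__":
    for k, v in check_document(SAMPLE).items():
        print(f"{k}: {v}")
```

A mismatch between Key ID and fingerprint does not by itself prove tampering (it is usually a transcription error), but it is exactly the kind of inconsistency that should stop you from trusting a key fetched by short ID alone; always compare the full fingerprint of the key you import with the one in section 2.8 before accepting a signature as the team's.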