CSIRT Description for CERT PSE
==============================

1. About this document

1.1 Date of Last Update

This is version 2, published on 5th July 2018.

1.2 Distribution List for Notifications

Currently CERT PSE does not use any distribution lists to notify about
changes in this document.

1.3 Locations where this Document May Be Found

The current version of this CSIRT description document is available
from the CERT PSE WWW site; its URL is
https://cert.pse-online.pl/rfc2350-4/
Please make sure you are using the latest version.

2. Contact Information

2.1 Short Name of the Team

CERT PSE

2.2 Name of the Team

Zespół Reagowania na Incydenty Komputerowe – CERT PSE

2.3 Address

CERT PSE
Polskie Sieci Elektroenergetyczne S.A.
ul. Warszawska 165
05-520 Konstancin-Jeziorna
Poland

2.4 Time Zone

Central European Time (GMT+0100, GMT+0200 from April to October)

2.5 Telephone Number

landline: +48 22 242 1 996
mobile: +48 571 207 996

2.6 Facsimile Number

+48 22 242 2323 (note: this is *not* a secure fax)

2.7 Electronic Mail Address

cert@pse.pl

2.8 Public keys and Other Encryption Information

CERT PSE has a PGP key, whose Key ID is 0x1FC84641 and whose
fingerprint is
27FD 35DE CCD9 AC10 CE47 E201 6650 30CD 1FC8 4641
The key and its signatures can be found on our website:
https://cert.pse.pl/pgp/

2.9 Other Information

General information about CERT PSE, as well as links to various
recommended security resources, can be found at https://cert.pse.pl/

CERT PSE posts short messages on current events to the following
Twitter account: https://twitter.com/CERTPSE

2.10 Points of Customer Contact

The preferred method for contacting CERT PSE is via e-mail at ; e-mail
sent to this address will be handled by the responsible human. We
encourage our customers to use PGP encryption when sending any
sensitive information to CERT PSE.

If it is not possible (or not advisable for security reasons) to use
e-mail, CERT PSE can be reached by mobile telephone 24/7.

CERT PSE hours of operation are generally restricted to regular
business hours (07:00 - 16:00 CET/CEST Monday to Friday except
holidays) with 24/7 on-call duty service.

3. Charter

3.1 Mission Statement

The main goals for CERT PSE are:
- Promote secure networking.
- Deal with computer security incidents.
- Achieve fruitful cooperation among other electric power companies.
- Assist the power energy community in raising the level of security
  knowledge.

3.2 Constituency

CERT PSE constituency is:
- ASN: 47876;
- IP: 91.208.150.0/24 and 91.209.155.0/24;
- Domains: pse.pl, pse-online.pl, pse-operator.pl, pse-polnoc.pl,
  pse-wschod.pl, pse-zachod.pl, pse-poludnie.pl, pse.com.pl, zrkdt.pl,
  energo-lex.pl, elektroenergetyka.org, cybertechrange.pl, aliegro.pl,
  e-pse.pl, energytrends.pl, medycyna-azjatycka.pl, podatkowy.net,
  praca48.pl, pse-operator.com.pl, pseenergytrends.pl,
  rybolowyonline.pl, rynek-mocy.pl, rynekmocy.com.pl, rynekmocy.pl,
  sporty-online.pl, stacjachelm.pl, stacjalublinsystemowa.pl,
  superprezent.com.pl, wakacje24.org.pl

3.3 Sponsorship and/or Affiliation

CERT PSE is financially maintained by Polskie Sieci
Elektroenergetyczne S.A., of which it is formally a part.

3.4 Authority

The CERT PSE operates under the auspices of, and with authority
delegated by, PSE S.A.

The CERT PSE expects to work cooperatively with system administrators
and users (customers) on the PSE S.A. network, and, insofar as
possible, to avoid authoritarian relationships. However, should
circumstances warrant it, the CERT PSE has the authority to take the
measures it deems appropriate to properly handle a computer security
related incident.

4. Policies

4.1 Types of Incidents and Level of Support

CERT PSE is authorized to address all types of computer security
incidents which occur, or threaten to occur, in PSE S.A. networks.

The level of support given by CERT PSE will vary depending on the type
and severity of the incident or issue, the type of constituent, the
size of the user community affected, and the CERT PSE resources at the
time. Incidents will be prioritized according to their apparent
severity and extent.

4.2 Co-operation, Interaction and Disclosure of Information

CERT PSE exchanges all necessary information with other CSIRTs as well
as with affected parties' administrators. Neither personal nor
overhead data are exchanged unless explicitly authorized. All
sensitive data (such as personal data, system configurations, known
vulnerabilities with their locations) are encrypted if they must be
transmitted over an unsecured environment, as stated below.

4.3 Communication and Authentication

Unencrypted e-mail will not be considered particularly secure, but
will be sufficient for the transmission of low-sensitivity data. If it
is necessary to send highly sensitive data by e-mail, GPG will be
used. Network file transfers will be considered to be similar to
e-mail for these purposes: sensitive data should be encrypted for
transmission.

5. Services

5.1 Incident Response

CERT PSE will assist system administrators in handling the technical
and organizational aspects of incidents. In particular, it will
provide assistance or advice with respect to the following aspects of
incident management:

5.1.1 Incident Triage

- Investigating whether indeed an incident occurred.
- Determining the extent of the incident.

5.1.2 Incident Coordination

- Determining the initial cause of the incident (vulnerability
  exploited).
- Facilitating contact with other sites which may be involved.
- Facilitating contact with appropriate law enforcement officials, if
  necessary.
- Making reports to other CSIRTs.
- Composing announcements to users, if applicable.

5.1.3 Incident Resolution

CERT PSE will give advice but no physical support whatsoever to
customers from the PSE S.A. internal network with respect to the
incident resolution.

- Removing the vulnerability.
- Securing the system from the effects of the incident.
- Collecting the evidence of the incident.

In addition, CERT PSE will collect statistics concerning incidents
processed, and will notify the community as necessary to assist it in
protecting against known attacks.

5.2 Proactive Services

CERT PSE coordinates and maintains the following services to the
extent possible depending on its resources:

- Information services through the following channels:
  - website: https://cert.pse.pl/
  - twitter: https://twitter.com/CERTPSE
- Training and educational services

6. Incident Reporting Forms

CERT PSE only handles incidents reported by e-mail or phone. Contact
data is available at: https://cert.pse.pl/kontakt/

7. Disclaimers

While every precaution will be taken in the preparation of
information, notifications and alerts, CERT PSE assumes no
responsibility for errors or omissions, or for damages resulting from
the use of the information contained within.