CERT-EE, established in 2006, is an organisation responsible for the management of security incidents in .ee computer networks. It is also a national contact point for international co-operation in the field of IT security.
Its duty is to assist Estonian Internet users in the implementation of preventive measures in order to reduce possible damage from security incidents and to help them in responding to security threats. CERT-EE deals with security incidents that occur in Estonian networks, that start there, or that citizens or institutions in Estonia or abroad have notified it about.
The support provided by CERT Estonia depends on the type and severity of a security incident, on the number of users potentially affected by it and on the resources available to the organisation.
Aims of CERT-EE:
- monitoring of the state of information security in Estonia by using received reports and collecting information about information security incidents;
- preventing security incidents and reducing security risks, mainly by raising awareness and through communication work;
- assisting institutions regarding security incidents and advising them if they want law enforcement agencies to start an incident investigation.
CERT-EE is a member of the CSIRTs Network.
Activities of CERT Estonia
Handling incidents: receiving incident reports, assigning priorities to incidents according to their severity level, performing incident analysis, responding to incidents, giving assistance in incident response, coordinating incident response activities.
Giving warnings/notices: informing users about security gaps that have been discovered in the most popular systems and applications in Estonia. Warnings are mainly given for attacks and security gaps with a high criticality level and for extremely widespread viruses.
Support for institutions and Internet service providers: support for the system administrators, network administrators or customer support that end users should contact in case of security incidents. The extent of CERT Estonia's support depends on the type and criticality of the security incident, the extent of the affected environment and the resources available in the team.
Preventive measures: periodic events and media campaigns for raising awareness about information security.
CERT – what is it?
CERT is an organisation that handles security incidents in the framework of CERT activity. CERT organisations exist worldwide and they cooperate closely, share information about information security incidents and give notifications about security hazards.
About security incidents
A security incident is a situation where the confidentiality, integrity and processability of the information system and/or the information of an organisation, institution or person is violated. Security incidents are also situations where somebody else’s information system is used without authorisation or its functionality is deliberately interfered with.
Security incidents are prioritised according to their potential severity and scope. The following aspects are taken into account in the prioritisation of security incidents:
- the number of affected users;
- the type of an incident;
- the target of an attack as well as the attack’s point of origin;
- resources required to handle the incident.
High-priority incidents include, for instance: attacks that may jeopardise people’s lives, attacks on Internet infrastructure (name servers, major network nodes and large-scale automatic attacks on web servers), etc.
Information shared with CERT-EE regarding a cyber incident is protected as information intended for internal use in accordance with the Cybersecurity Act and the Public Information Act.
As CERT-EE does not render services to end users, the latter should, in case of security incidents, turn to system administrators either at their Internet service provider or in their organisation, to network administrators or customer support.
Any malicious activity believed to originate from Estonian networks/resources should be reported directly to the resource owner (e.g. the ISP or web hosting provider). If you cannot find the contacts of the resource owner or they do not reply, please escalate the issue to CERT-EE. Large-scale incidents involving Estonian resources can be reported directly to CERT-EE.
Contacts of CERT-EE
You can use the following methods to send us encrypted messages:
- CERT-EE’s organisation certificate (CDOC): Riigi Infosüsteemi Amet: CERT
- PGP public key: 0F1F BAA2 59B5 6929 CDC2 53D5 953F F99A 8A03 E7F1