-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 RFC 2350 Version: 1 Date: 28.06.2018 Author: Stefan Lenzhofer 1. Document information This document contains a description of the Austrian Energy CERT according to RFC 2350. It provides basic information about the CERT, the ways it can be contacted, describes its responsibilities and the services offered. 1.1 Date of last update 28.06.2018 1.2 Distribution list for notifications There is no distribution list for notifications as of 2018/06. 1.3 Locations where this document may be found The current version of this document can always be found at https://www.energy-cert.at/de/download/ . For validation purposes, a GPG signed ASCII version of this document is located at https://www.energy-cert.at/de/download/ . The key used for signing is the Austrian Energy CERT key as listed under 2.8. 2. Contact information 2.1 Name of the team Austrian Energy CERT (AEC) 2.2 Address nic.at GmbH Austrian Energy CERT Karlsplatz 1/9 1010 Vienna Austria 2.3 Time zone We are located in the central European timezone (CET) which is GMT+0100 (+0200 during day-light saving time). 2.4 Telephone number +43 1 5056416 92 2.5 Facsimile number +43 1 5056416 93 2.6 Other telecommunication None. 2.7 Electronic mail address Please send incident reports to reports@energy-cert.at . Non-incident related mail should be addressed to team@energy-cert.at . 2.8 Public keys and encryption information Austrian Energy CERT uses a master signing key (of CERT.at) to sign all keys used for operational purposes. This trust anchor is: pub 4096R/998C1CC6C2E0E6A7 2014-03-19 [expires: 2019-03-18] Key fingerprint = FB59 8F2F 6B68 0211 F85D 2A0C 998C 1CC6 C2E0 E6A7 uid CERT.at master key sub 4096R/9D1B02A6B0454903 2014-03-19 [expires: 2019-03-18] and can be found on most key-servers. Please DO NOT use this key for communications with us. All official communication by Austrian Energy CERT will be signed by the current team key: pub ID: CA51953660F3B29B 4096R/60F3B29B 2017-03-20 [expires: 2022-03-19] Key fingerprint = 945C 2808 4340 505C 36CC FA6B CA51 9536 60F3 B29B uid Austrian Energy CERT (Incidents) uid Austrian Energy CERT (General Communication) sub 4096R/52AB29F9 2017-03-20 [expires: 2022-03-19] Encrypted communications with the Austrian Energy CERT should use this - and only this - operational key when using PGP. S/MIME certificate for email encryption is also supported. All keys (including the keys of individual team members PGP/SMIME) can be found at following location: URL: https://www.energy-cert.at/media/files/PGP_SMIME/AEC_PGP_AND_SMIME-Certificates.zip Since the team key and the master signing key expire regularly, Autrian Energy CERT will always sign younger master signing keys with the older master signing keys as well. The current master signing key always signs the team key. 2.9 Team members The team leader of Austrian Energy CERT is Stefan Lenzhofer. Management, liaison and supervision are provided by Robert Schischka, Technical Manager of nic.at. 2.10 Other information - - - 2.11 Points of customer contact The preferred method for contacting Austrian Energy CERT is email. For incident reports and related issues please use reports@energy-cert.at. This will create a ticket in our tracking system and is processed by the human on duty. For general inquiries please send e-mail to team@energy-cert.at. If it is not possible (or advisable due to security reasons) to use e-mail, you can reach us via telephone at +43 1 5056416 92. Austrian Energy CERT's hours of operation are generally restricted to local regular business hours: Mon-Fri, 8 a.m. - 6 p.m. CET/CEST. 3. Charter 3.1 Mission statement The purpose of Austrian Energy CERT is to coordinate security efforts and incident response for IT/OT-security problems of the energy sector on a national level in Austria. 3.2 Constituency The constituency of the Austrian Energy CERT is the natural gas, electricity and oil industry of Austria. 3.3 Sponsorship and/or affiliation Austrian Energy CERT is an initiative of the Austrian gas, elecricity and oil industry and is operated by nic.at, the Austrian domain registry. Funding is provided by the constituency. Funding is provided by members of the natural gas, electricity and oil industry. Organizational aspects on the foundation of the AEC can be found at http://www.aec.arge.or.at/ . 3.4 Authority The main purpose of the Austrian Energy CERT in incident handling is the coordination of incident response. As such, we can only advise our constituency and have no authority to demand certain actions. 4. Policies 4.1 Types of incidents and level of support The Austrian Energy CERT is authorised to address all types of computer security incidents which occur, or threaten to occur, in our constituency (see 3.2) and which require cross-organisational coordination. The level of support given by Austrian Energy CERT will vary depending on the type and severity of the incident or issue, the type of constituent, the size of the user community affected, and our resources at the time. Special attention will be give to issues affecting funding members and critical infrastructure. Austrian Energy CERT is committed to keeping its constituency informed of potential vulnerabilities, and, where possible, will inform this community of such vulnerabilities before they are actively exploited. 4.2 Co-operation, interaction and disclosure of information The Austrian Energy CERT will cooperate with other organisations in the field of computer security. This cooperation also includes and often requires the exchange of vital information regarding security incidents and vulnerabilities. Nevertheless Austrian Energy CERT will protect the privacy of reporters, partners and our constituents, and will therefore (under normal circumstances) pass on information in an anonymised way only. Austrian Energy CERT operates under the restrictions imposed by Austrian law. This involves careful handling of personal data as required by Austrian Data Protection law, but it is also possible that - according to Austrian law - Austrian Energy CERT may be forced to disclose information due to a court order. All information is processed under Traffic Light Protocol (TLP). By default, the Austrian Energy CERT treats all submitted information as confidential, and will only forward it to concerned parties in order to resolve specific incidents. (TLP:AMBER) In its role as a component of the Austrian cyber security coordination the Austrian Energy CERT will share anonymised incident information. 4.3 Communication and authentication For normal communication not containing sensitive information Austrian Energy CERT might use conventional methods like unencrypted e-mail or fax. For secure communication PGP-encrypted or S/MIME-encrypted e-mail or telephone will be used. If it is necessary to authenticate a person before communicating, this can be done either through existing webs of trust (e.g. FIRST, TI, ) or by other methods like call-back, mail-back or even face-to-face meeting if necessary. 5. Services 5.1 Incident response Austrian Energy CERT will assist IT/OT-security teams in handling the technical and organizational aspects of incidents. In particular, it will provide assistance or advice with respect to the following aspects of incident management: 5.1.1. Incident triage - determining whether an incident is authentic - assessing and prioritizing the incident 5.1.2. Incident coordination - determine the affected organizations - contact the affected organizations to investigate the incident and take the appropriate steps - facilitate contact to other parties which can help resolve the incident - send reports to other CERTs - provide the interface to the national cyber security coordination 5.1.3. Incident resolution - advise local security teams on appropriate actions - follow up on the progress of the concerned local security teams - ask for reports - report back 5.2 Proactive activities Austrian Energy CERT tries to - maintain up-to-date contact information of local security teams - raise security awareness in its constituency - administrate contact information of local security teams - publish announcements concerning serious security threats to its constituency - observe current trends in technology - distribute relevant knowledge to the constituency - provide fora for community building and information exchange within the constituency 6. Incident reporting forms There are no local forms available. 7. Disclaimers While every precaution will be taken in the preparation of information, notifications and alerts, Austrian Energy CERT assumes no responsibility for errors or omissions, or for damages resulting from the use of the information contained within. -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEElFwoCENAUFw2zPprylGVNmDzspsFAls6ES0ACgkQylGVNmDz spsUXxAAlH/9m0Sw9blGCf0HpJ5CoqQR89D+btBukE28K4CR70LPock6kenYP+Al zXoNiV8BS39bjHeVlOGDOUQ4Ml2wQ7tx4wSx24EyuLu3YcVMSme4IMZ2zi5Ps+Ln X+7jKtnMyxipBe66micpXPNLg2sS9NtgusnXQn0YTUwal+5FAivNnDJcspXQOzXz V28LFG158T6P8YQMARdFpq+rPGN9gS0DDVyhpEO+fYyU42ISyBHQS8rY82GZ+EHR NyYjJi01htKZqc8a6KLpvfRHFDW3hBU2qj6IFqeIvvqxaTswUl5wAQE7p6MoOZrd ZfpfhPIFon+VoTZMici+ZpFBSQAH/rS3hdKdJCzQJZKrsf20SH2YdrYL1NSXph8/ 2DKQvyEgYNPSk80mRp/hvixnjXaA671TbD8lFQrM2Y2nxTSaX4X9KHTyH5f4Hb/r I4lmh4ovlQ7mezJ2b1GUGdspFzIg5wId3jMcb63VNv16h4MEJI+BJHYYXresZgxA xYb6YtzkBHQ1QjJbhz31FCSXNvJK1hBwPQAW7PL1ted+qsMdDNDdE1jMrahkTmzo BQWWVqqQ43Tgx/DpJhuJiUeMiXwqAIvJo1+edCaLcmHvQOOhjm02EJ+iSacuufvB 4ectw8EGxejGyOd959jYakoNNPSyWjd1KOrmSSy8cGz0Gyie8Lw= =G2Bg -----END PGP SIGNATURE-----