Contact information for CERT@VDE according to RFC 2350

1. Preliminary remark

Based on RFC 2350 (Expectations for Computer Security Incident Response, http://www.ietf.org/rfc/rfc2350.txt), this document describes the technical and organizational interface to CERT@VDE, the "Computer Emergency Response Team" at VDE. A formalized brief description of a CERT structure in accordance with RFC 2350 has become established as a quasi-standard and is suitable for providing a quick overview of the interfaces and services of a CERT.

2. Contact information

2.1 Name of the team

CERT@VDE

2.2 Postal address

CERT@VDE
VDE Verband der Elektrotechnik Elektronik Informationstechnik e.V.
Merianstraße 28
63069 Offenbach am Main

2.3 Time zone

Europe/Berlin: GMT+1, and GMT+2 from the last Sunday in March to the last Sunday in October, according to § 2 SoZV.

2.4 Telephone

+49 69 6308 400

2.5 Fax

On request

2.6 E-mail addresses

info@certvde.com

The use of S/MIME or PGP encryption is recommended for the electronic transmission of confidential information. S/MIME and PGP are supported. The information required for S/MIME and PGP can be found here. It is advised to verify the fingerprint by phone.

2.7 World Wide Web

Website: https://certvde.com

2.8 Personnel composition of the CERT@VDE

CERT@VDE is made up exclusively of VDE e.V. employees.

2.9 Operating times

CERT@VDE can be reached by telephone and e-mail during the following office hours:

Monday to Thursday: 09:00 a.m. to 04:00 p.m.,
Friday: 09:00 a.m. to 03:00 p.m.

(Exceptions: December 24 and 31, as well as public holidays in the state of Hesse).

3. Organizational framework

3.1 Objectives and tasks (mission statement)

The aim of CERT@VDE is to support companies in the coordination of IT security problems in industrial automation. CERT@VDE offers manufacturers, operators and integrators in the automation industry the opportunity for an intensive and trusting exchange.

In detail, this results in the following objectives:

  • Provision of a central organizational and technical point of contact for the target group with regard to preventive, reactive and sustainable measures in the event of security incidents in industrial automation IT systems
  • Protecting networked production systems from malicious and unauthorized attacks
  • Preventing industrial espionage and the outflow of know-how from Germany
  • Preventing the impact of IT security incidents on functional safety
  • Establishment of efficient and effective cooperation structures for optimal cooperation between those responsible for safety, security and production
  • Establishment of a warning system that organizes and distributes current product safety information in a meaningful and target group-oriented manner

3.2 Target group (constituency)

The services of CERT@VDE are primarily aimed at manufacturers, users, operators and integrators in the automation industry. The services offered by CERT@VDE are geared towards the needs of product safety teams and product safety officers in this target group.

3.2.1 Domains and IP ranges

CERT@VDE is responsible for the IP addresses in the network 185.26.157.160/27, as well as for all domains that resolve to this network (cert.vde.com).

3.3 Memberships and working groups

CERT@VDE aims to become a member of the Germany-wide CERT network (https://www.cert-verbund.de), a cooperation between CERTs at state and federal level. Further memberships are planned in the following institutions: Alliance for Cyber Security (https://www.allianz-fuer-cybersicherheit.de), Trusted Introducer (https://www.trusted-introducer.org). CERT@VDE will also maintain a cooperation with the ICS-CERT (https://ics-cert.us-cert.gov), ENISA and the Federal Office for Information Security (BSI) that is coordinated with the target group.

3.4 Responsibilities and powers

CERT@VDE aims to improve the safety and quality of German industry. The focus is on the interests of manufacturers, machine and system builders and integrators. CERT@VDE coordinates the effective distribution and evaluation of product safety information between the various participants in the industry in order to demonstrably reduce the general risk of damage. With the help of CERT@VDE, the aim is to enable new safety issues and challenges to be tackled jointly and therefore much more efficiently.

3.5 Reaction

CERT@VDE supports the target group in dealing with security gaps through structured information transfer and status analyses. To this end, CERT@VDE receives reports of IT security incidents, checks, evaluates and documents the facts and coordinates and supports the processing of IT security incidents with the target group.

3.6 Prevention

CERT@VDE will operate a warning and information service on IT security vulnerabilities and acute threats in order to effectively pass on product security information from the target group to third parties, as well as from third parties to the target group. This will enable the target group to make preventive preparations in the event of an emergency. CERT@VDE also supports the creation and further development of IT security standards and best practices.

4. Incident report

For a correct and complete recording of IT security incidents, at least the following information must be provided to CERT@VDE if possible:

  • Master data of the notifier
    • Reporting organization / person
    • Name and function of the notifier
    • Postal address of the organization / person
    • Telephone and fax number at which the notifier can be reached promptly
    • E-mail address of the notifier
    • Initial notification / interim or final notification
  • Classification of the incident report from the perspective of the reporter
    • Urgency
    • Criticality
  • Details of the IT security incident detected
    • Technical description of the incident to delineate what constitutes the incident from the reporter's point of view.
    • Description of the effects of the incident that have already been identified, such as restrictions on the availability of services, applications or processes.

5. Disclaimer

This information is provided on an informal basis. All information has been compiled and checked with the greatest possible care. However, no liability or guarantee can be assumed for the correctness and completeness of the information contained herein or for any consequences arising from the use of this information.