Since 2015, the PGE-CERT security incident response team has been operating at PGE Systemy.
The main tasks of PGE-CERT are:
- Reacting to and completely mitigating information security incidents in the PGE Capital Group.
- Minimizing the effects of information security incidents.
- Communicating with other entities and coordinating efforts between departments and companies in order to solve information security incidents.
- Cooperating with government entities and forces responsible for information security.
- Communicating and cooperating with other CERT/CSIRT teams in the scope of alerting, mitigating and minimizing the effects of security incidents.
- Monitoring the security of services for the PGE Capital Group.
Traffic Light Protocol
Just like other security teams, PGE-CERT uses the Traffic Light Protocol (TLP). The protocol was created in order to facilitate greater sharing of information. TLP is a set of designations used to ensure that sensitive information is shared with the appropriate audience. It employs four colors to indicate expected sharing boundaries to be applied by the recipient(s).
What is TLP?
The Traffic Light Protocol is a set of rules grouped in 5 categories. It is used to define the intended recipients of a message more precisely. To keep it as simple as possible, TLP uses five colors (RED, AMBER, AMBER+STRICT, GREEN, CLEAR) to categorize the information being shared. Choosing the right category is the responsibility of the organization that is sharing the information. If a recipient needs to share the information more widely than indicated by the original TLP designation, they must obtain explicit permission from the original source.

|TLP designation|Sharing boundary|
|---|---|
|TLP:RED|Not for disclosure, restricted to participants only|
|TLP:AMBER|Limited disclosure, restricted to organization and its clients|
|TLP:AMBER+STRICT|Limited disclosure, restricted to organization only|
|TLP:GREEN|Limited disclosure, restricted to the community|
|TLP:CLEAR|Disclosure is not limited|

The TLP designation in use should be placed in the header or the footer of the message. Preferably the ‘TLP: [COLOR]’ syntax should be used. The Traffic Light Protocol is not meant for information that is classified or should be kept secret.
Please use TLP when contacting PGE-CERT. The information should be clearly labeled with the chosen color in the subject of the email and before the information itself.
The chosen TLP color should be written in capital letters: TLP: RED, TLP: AMBER, TLP: AMBER+STRICT, TLP: GREEN or TLP: CLEAR.
PGE-CERT contact information
In emergency cases please contact the PGE-CERT team through email:
PGE Systemy S.A., PGE-CERT, ul. Mysia 2, 00-496 Warsaw
Please submit the following information:
- Your contact information and your organization’s information:
  - Your name and the address of your organization
  - Email address
  - Phone number
- IP addresses, FQDN(s) and any other technical information that you consider important, with the corresponding observations.
- Scanning results (if applicable) and/or log excerpts that show the problem.
To keep our correspondence private, please use PGP/GPG when contacting PGE-CERT.
Our PGP key:
Description of PGE-CERT according to the RFC 2350