CSIRT Description for PGE-CERT
================================

1. About this document

This document contains a description of PGE-CERT according to RFC 2350. It provides basic information about the CERT, the ways it can be contacted, its responsibilities and the services it offers.

1.1 Date of Last Update

This is version 2.00, published on 2022-12-19.

Currently PGE-CERT does not use any distribution lists to notify about changes in this document.

1.2 Distribution List for Notifications

Notifications of updates are submitted to Trusted Introducer by e-mail:

1.3 Locations where this Document May Be Found

The current version of this CSIRT description document is available from the PGE-CERT website at:
https://pgesystemy.pl/CERT

Please make sure you are using the latest version.

1.4 Authenticating this Document

This document has been signed with a GPG key, and its authenticity can be verified with the PGE-CERT GPG key published in section 2.8.

2. Contact Information

2.1 Name of the Team

PGE-CERT

2.2 Address

PGE-CERT
Mysia 2 Street
00-496 Warsaw
Poland

2.3 Time Zone

Central European Time (CET) - UTC+1
Central European Summer Time (CEST) - UTC+2 according to EU regulations (from the last Sunday of March to the last Sunday of October)

2.4 Telephone Number

+48 885 552 646

2.5 Facsimile Number

None available

2.6 Other Telecommunication

None available

2.7 Electronic Mail Address

cert@gkpge.pl

2.8 Public Keys and Other Encryption Information

PGE-CERT uses the GPG key:

User ID: PGE-CERT
Key ID: 9251 2170 13F0 22C6
Key type: RSA
Key size: 4096
Expires: 08/31/2029
Fingerprint: 32CF 7474 F83E E4F6 4865 CCFE 9251 2170 13F0 22C6

This key can be retrieved from directory servers or directly from our website:
https://pgesystemy.pl/content/download/21575/file/PGE-CERT-GPG.txt

2.9 Other Information

General information about PGE Systemy S.A.
can be found at https://www.gkpge.pl/Investor-Relations/PGE-Group/Who-we-are

2.10 Points of Customer Contact

PGE-CERT prefers to receive incident reports via e-mail. Please use our cryptographic keys above to ensure integrity and confidentiality.

PGE-CERT hours of operation are generally restricted to regular business hours (07:00-19:00 Monday to Friday except holidays).

3. Charter

3.1 Mission Statement

Building the Customer's competence and capabilities in avoiding, identifying and mitigating cyber threats, and supporting the Customer in dealing with cyber threats. Contributing to national cybersecurity efforts.

3.2 Constituency

The CERT constituency consists of all users and organizations of GKPGE. We are responsible for handling, managing and resolving IT security incidents in the whole PGE group. We continuously update our constituency according to the ASN, IP or domain data provided to us by the members of the PGE group.

3.3 Sponsorship and/or Affiliation

PGE-CERT is a private, self-funding entity. PGE-CERT is affiliated with Trusted Introducer (https://www.trusted-introducer.org/directory/teams/pge-cert.html).

3.4 Authority

PGE-CERT handles and coordinates incidents on behalf of its Customers and is bound by contractual terms. However, PGE-CERT is regularly expected to make recommendations during the incident handling process where the parties affected are not PGE-CERT's customers.

4. Policies

4.1 Types of Incidents and Level of Support

All incidents are by default normal priority unless contractual arrangements prioritize them otherwise. Incidents handled as a contribution to society are therefore treated as normal priority regardless of the label attached to the incident notification. PGE-CERT has the authority to decide whether raising the priority to emergency is appropriate.

4.2 Co-operation, Interaction and Disclosure of Information

PGE-CERT declares that all information related to incidents handled is considered Confidential.
Information that is evidently sensitive or that may be harmful is handled only in a secure environment and is encrypted in storage and in transit. When reporting an incident and providing sensitive information, please use encryption or contact PGE-CERT to arrange a different channel of secure communication.

PGE-CERT declares full support for the Traffic Light Protocol (https://www.first.org/tlp/). Information sent in and labelled according to TLP will be handled appropriately.

Information submitted to PGE-CERT may be distributed on a need-to-know basis to trusted parties (such as ISPs, other CERT teams) for the sole purpose of incident handling.

4.3 Communication and Authentication

PGE-CERT uses GPG encryption to ensure the confidentiality and integrity of communication. All sensitive information sent in should be encrypted.

Messages regarding incidents sent by PGE-CERT staff are signed with our main GPG key (see 2.8) and encrypted when they contain sensitive information.

PGE-CERT reserves the right to verify the authenticity of information or its source to the extent allowed by the law.

5. Services

5.1 Incident Response

PGE-CERT will assist organizations in handling the technical and organizational aspects of security incidents. PGE-CERT capabilities cover the full cycle of incident response:

- handling
- managing
- resolving
- mitigating

5.1.1 Incident Triage

Incidents will be prioritized according to their apparent severity and extent.

- Investigating whether an incident indeed occurred.
- Determining the extent of the incident.

5.1.2 Incident Coordination

Coordination of work carried out only within the internal structure of the Capital Group PGE.

5.1.3 Incident Resolution

- Advise and coordinate local teams on appropriate actions
- Follow up on the progress of the local teams involved
- Ask for reports
- Report back

5.2 Proactive Activities

PGE-CERT makes an effort to enhance constituents' immunity to security incidents and to limit the impact of incidents that occur.

6. Incident Reporting Forms

There are no specific forms developed for reporting incidents to PGE-CERT, but you can use the e-mail contact directly, providing the relevant information when needed.

In case of emergency or crisis, please provide PGE-CERT with at least the following information:

- Contact details and organizational information: name of person and organization name and address, email address, telephone number;
- IP address(es), FQDN(s), and any other relevant technical element with associated observation;
- Scanning results (if any) and/or any extract from the log showing the problem.

7. Disclaimers

While every precaution will be taken in the preparation of information, notifications and alerts, PGE-CERT assumes no responsibility for errors or omissions, or for damages resulting from the use of the information contained within.