CSIRT Description for milCERT ----------------------------- 1. About this document 1.1 Date of Last Update This is version 1.01, published 2019/11/18. 1.2 Distribution List for Notifications There is no distribution list for notifications as of 2019/11. 1.3 Locations where this Document May Be Found The current version of this CSIRT description document is available at http://www.bundesheer.at/misc/rfc2350.txt Die aktuellste Version dieses Dokumentes kann auf der Webseite des Österreichischen Bundesheers unter folgendem Link aufgerufen werden. http://www.bundesheer.at/misc/rfc2350.txt Please make sure you are using the latest version. 2. Contact Information 2.1 Name of the Team Military Computer Emergency Readiness Teams (milCERT) 2.2 Address ÖSTERREICHISCHES BUNDESHEER IKT & Cybersicherheitszentrum milCERT Amtsgebäude Stiftgasse 1070 Wien, Stiftgasse 2A 2.3 Time Zone CET/CEST (GMT+0100/+0200) 2.4 Telephone Number +43 50201 10 33590 2.5 Facsimile Number None. 2.6 Other Telecommunication None. 2.7 Electronic Mail Address cert@bmlv.gv.at 2.8 Public Keys and Other Encryption Information Encrypted communications with milCERT should use this - and only this - operational key. The public key can be found at http://www.bundesheer.at/misc/ 2.9 Team Members The chief of milCERT is Lamber SCHARWITZL No additional information will be provided 2.10 Other Information General information about the Austrian Armed Forces can be found on https://www.bundesheer.at 2.11 Points of Customer Contact The preferred method for contacting the milCERT is via e-mail at cert@bmlv.gv.at If it is not possible (or not advisable for security reasons) to use e-mail, milCERT can be reached by telephone during regular office hours (Mon-Fri except holidays, 8 a.m. - 4 p.m. CET/CEST). 3. Charter 3.1 Mission Statement The primary task of milCERT is the military self-protection of information security and ensuring leadership support in the information area. The use of technical milCERT specialists in cases of serious cyber incidents is also provided according to the Defense Act §2. In the case of a cyber attack, the resilience of cyber security forces will be be ensured by the milCERT. 3.2 Constituency The primary task of milCERT is the military self-protection of military systems. Furthermore milCERT is part of public private partnership groups as well as national security communities. 3.3 Sponsorship and/or Affiliation MilCERT is part of the Austrian Armed Forces and therefore part of the Federal Ministry of Defence of Austria. 3.4 Authority In case of security incidents milCERT cooperates with national security communities and other representatives of its constituency. milCERT is in charge of proactive, detective and reactive IT security measures within the Austrian Armed Forces. 4. Policies 4.1 Types of Incidents and Level of Support milCERT is authorised to address all types of computer security incidents which occur, or threaten to occur, in our constituency (see 3.2) and which require cross-organisational coordination. The level of support given by milCERT will vary depending on the type and severity of the incident or issue, the type of constituent, the size of the user community affected, and our resources at the time. milCERT is committed to keeping its constituency informed of potential vulnerabilities, and, where possible, will inform this community of such vulnerabilities before they are actively exploited. Types of incidents will be prioritized according to their apparent severity and extent. Note that no direct support will be given to end users; they are expected to contact their system administrator, network administrator, or department head for assistance. 4.2 Co-operation, Interaction and Disclosure of Information milCERT will cooperate with other organisations in the field of computer security. This cooperation also includes and often requires the exchange of vital information regarding security incidents and vulnerabilities. Nevertheless milCERT will protect the privacy of reporters, partners and our constituents, and therefore (under normal circumstances) pass on information in an anonymised way only unless other contractual agreements apply. milCERT operates under the restrictions imposed by Austrian law. This involves careful handling of personal data as required by Austrian Data Protection law and the GDPR, but it is also possible that - according to Austrian law - milCERT may be forced to disclose information due to a court order. milCERT treats all submitted information as confidential per default, and will only forward it to concerned parties in order to resolve specific incidents when consent is implicit or expressly given. 4.3 Communication and Authentication For normal communication not containing sensitive information milCERT might use conventional methods like unencrypted e-mail or fax. For secure communication PGP-encrypted e-mail or telephone will be used. If it is necessary to authenticate a person before communicating, this can be done either through existing webs of trust (e.g. FIRST, TI, ) or by other methods like call-back, mail-back or even face-to-face meeting if necessary. 5. Services 5.1 Incident Response The primary task of milCERT is the military self-protection of information security and ensuring leadership support in the information area. 5.2 milCERT takes care of incident and vulnerability management. milCERT is in contact with national and international IT security communities and takes part in information security related activities on a national and European level. 6. Incident reporting forms There are no local forms available. 7. Disclaimers While every precaution will be taken in the preparation of information, notifications and alerts, milCERT assumes no responsibility for errors or omissions, or for damages resulting from the use of the information contained within.