RFC 2350
1 Document Information

This document contains a description of the National Cyber Security Centre of Ireland's (NCSC-IE) Computer Security Incident Response Team (CSIRT-IE) in accordance with RFC 2350. It provides basic information about the CSIRT-IE team, its channels of communication and its roles and responsibilities.

1.1 Date of Last Update
Version 1.9 - November 27th 2020
 
1.2 Distribution List for Notifications
There is no distribution list for notifications.

1.3 Locations where this Document May Be Found
Hard Copy available on request from the NCSC-IE located at the Department of the Environment, Climate and Communications.


 
2 Contact Information

2.1 Name of Team      
Computer Security Incident Response Team for Ireland (CSIRT-IE); the CSIRT for Irish Government departments and core State agencies.

2.2 Address
CSIRT-IE, National Cyber Security Centre, Department of the Environment, Climate and Communications, 29-31 Adelaide Road, Dublin, D02 X285, Ireland.

2.3 Time Zone
Co-ordinated Universal Time + 01:00 (UTC + 1) from last Sunday in March to last Sunday in October. i.e. GMT + 1
Daylight saving time observed from October to March i.e. UTC alternatively known as GMT.

2.4 Telephone Number
+353 1 6782333

2.5 Facsimile Number
+353 1 6782729

2.6 Other Telecommunication
None

2.7 Electronic Mail Address
To report an incident please use: certreport@ncsc.gov.ie or incident@ncsc.gov.ie.
To contact CSIRT-IE for other matters please use: info@ncsc.gov.ie.

2.8 Public Keys and Encryption Information
Encrypted communications with certreport@ncsc.gov.ie should use the operational PGP key found here:
https://www.ncsc.gov.ie/PGP/pgpkey.asc

2.9 Team Members
The team comprises of information security specialists from across Government departments and core agencies.

2.10 Points of Customer Contact
The preferred method to contact the CSIRT-IE is to send an e-mail to the address certreport@ncsc.gov.ie which is monitored by a duty officer during hours of operation.
If it is not possible (or advisable due to security reasons) to use e-mail, you can reach us via telephone at +353 1 6782333.
CSIRT-IE hours of operation are 09:00 to 16:30 Monday to Friday, excluding public holidays.
Telephone opening hours: 09:30 to 16:00 Monday to Friday, excluding public holidays.


 
3 Charter

3.1 Mission Statement
CSIRT-IE's mission is to support Government departments and core agencies in responding to cyber incidents, including in particular malicious cyber-attacks that would hamper the integrity of their information system assets and harm the interests of the Irish State. CSIRT-IE also acts as a national point of contact for cyber-attacks involving entities within Ireland.
The scope of CSIRT-IE's activities covers prevention, detection, response and mitigation services to Government departments and core State agencies.

3.2 Constituency
The constituency of CSIRT-IE is composed of all Government departments and core agencies of the Irish State. In addition to Government departments and agencies CSIRT-IE is the CSIRT for all Digial Service Providers and Operators of Essential Services as outlined in the EU NIS Directive and S.I 360 of 2018. 
Note: to report an incident as a constituent you must be an official in a Government department or core agency with the authority to make such a report.

3.3 Sponsorship and/or Affiliation
CSIRT-IE is part of the NCSC in the Department of the Environment, Climate and Communications and has been established in accordance with Government policy. CSIRT-IE is publicly funded.

3.4 Authority
The establishment of CSIRT-IE was mandated by a decision of the Government of Ireland.


 
4 Policies

4.1 Types of Incident and Level of Support
A cyber security incident is considered to be any adverse event that threatens the confidentiality, integrity or availability of network and information systems of CSIRT-IE's constituents. All such incidents should be reported to CSIRT-IE. The level of support given by CSIRT-IE will vary depending on the type and severity of the incident, the constituent and/or constituents impacted and available resources.

4.2 Co-operation, Interaction and Disclosure of Information
CSIRT-IE values the importance of operational cooperation and information-sharing between Computer Security Incident Response Teams, and also with other organisations which may contribute towards or make use of their services.
CSIRT-IE operates within the confines imposed by EU and Irish national legislation.
CSIRT-IE handles all information received in confidence. Information is only distributed to other teams and constituents on a need-to-know basis and, unless otherwise required by law, in an anonymised fashion. CSIRT-IE uses the Traffic Light Protocol as the basis for information exchange.

4.3 Communication and Authentication
For normal communication not containing sensitive information, CSIRT-IE will use conventional methods such as unencrypted e-mail. For secure communication involving authentication; PGP encrypted e-mail, the telephone and facsimile are used.


 
5 Services

5.1 Incident Response
CSIRT-IE provides assistance to constituents in handling the technical and organizational aspects of incidents.
Advisories on risks, threats and vulnerabilities are provided to constituents on a need-to-know basis. These advisories can include recommendations and mitigating measures. Alerts are provided to specified constituents in response to specific information security intelligence.

5.2 Incident Handling
CSIRT-IE provides incident handling services in accordance with S.I. 360 of 2018 to the sectors specified in Schedule 1 and the service providers specified in Schedule 2 of the legislation.
 
6 Incident Reporting Forms

If you wish to report a security incident you should be an agent of a constituent (e.g. an official in a Government department or agency with the authority to make such a report). An incident reporting form is available on request or alternatively an email with brief details of the incident can be sent directly to certreport@ncsc.gov.ie.
Members of the public wishing to alert CSIRT-IE to a particular cyber-security related matter may do so using the email address info@ncsc.gov.ie.


 
7 Disclaimers

The National Cyber Security Centre on behalf of CSIRT-IE does not accept any legal liability whatsoever arising from, or connected to, the accuracy, reliability, currency or completeness of any material published on this website or any linked website.
We strongly recommend that users exercise their own judgment with respect to the use of this website and carefully evaluate the accuracy, currency, completeness and relevance of the information on this website for their purposes.
Links to other websites are provided for users' convenience and do not constitute endorsement of material on those sites or any associated organisation, product or service. Users of this website are also directed to our privacy statement.
Information from this website may not be used for commercial purposes, nor can data be copyrighted without agreement from the NCSC.