RFC 2350 1 Document Information This document contains a description of the National Cyber Security Centre of Ireland's (NCSC-IE) Computer Security Incident Response Team (CSIRT-IE) in accordance with RFC 2350. It provides basic information about the CSIRT-IE team, its channels of communication and its roles and responsibilities. 1.1 Date of Last Update Version 2 - October 1st 2024 1.2 Distribution List for Notifications There is no distribution list for notifications. 1.3 Locations where this Document May Be Found Hard Copy available on request from the NCSC-IE located at the Department of the Environment, Climate and Communications. 2 Contact Information 2.1 Name of Team Computer Security Incident Response Team for Ireland (CSIRT-IE); the CSIRT for Irish Government departments and core State agencies. 2.2 Address CSIRT-IE, National Cyber Security Centre, Department of the Environment, Climate and Communications, Tom Johnson House, Haddington Road, D04K7X4, Ireland. 2.3 Time Zone Co-ordinated Universal Time + 01:00 (UTC + 1) from last Sunday in March to last Sunday in October. i.e. GMT + 1 Daylight saving time observed from October to March i.e. UTC alternatively known as GMT. 2.4 Telephone Number +353 1 6782333 2.5 Facsimile Number +353 1 6782729 2.6 Other Telecommunication None 2.7 Electronic Mail Address To report an incident please use: certreport@ncsc.gov.ie or incident@ncsc.gov.ie. To contact CSIRT-IE for other matters please use: info@ncsc.gov.ie. 2.8 Public Keys and Encryption Information Encrypted communications with certreport@ncsc.gov.ie should use the operational PGP key found here: https://www.ncsc.gov.ie/PGP/pgpkey.asc 2.9 Team Members The team comprises of information security specialists from across Government departments and core agencies. 2.10 Points of Customer Contact The preferred method to contact the CSIRT-IE is to send an e-mail to the address certreport@ncsc.gov.ie which is monitored by a duty officer during hours of operation. If it is not possible (or advisable due to security reasons) to use e-mail, you can reach us via telephone at +353 1 6782333. CSIRT-IE hours of operation are 09:00 to 16:30 Monday to Friday, excluding public holidays. Telephone opening hours: 09:30 to 16:00 Monday to Friday, excluding public holidays. 3 Charter 3.1 Mission Statement CSIRT-IE's mission is to support Government departments and core agencies in responding to cyber incidents, including in particular malicious cyber-attacks that would hamper the integrity of their information system assets and harm the interests of the Irish State. CSIRT-IE also acts as a national point of contact for cyber-attacks involving entities within Ireland. The scope of CSIRT-IE's activities covers prevention, detection, response and mitigation services to Government departments and core State agencies. 3.2 Constituency The constituency of CSIRT-IE is composed of all Government departments and core agencies of the Irish State. In addition to Government departments and agencies CSIRT-IE is the CSIRT for all Digial Service Providers and Operators of Essential Services as outlined in the EU NIS Directive and S.I 360 of 2018. Note: to report an incident as a constituent you must be an official in a Government department or core agency with the authority to make such a report. 3.3 Sponsorship and/or Affiliation CSIRT-IE is part of the NCSC in the Department of the Environment, Climate and Communications and has been established in accordance with Government policy. CSIRT-IE is publicly funded. 3.4 Authority The establishment of CSIRT-IE was mandated by a decision of the Government of Ireland. 4 Policies 4.1 Types of Incident and Level of Support A cyber security incident is considered to be any adverse event that threatens the confidentiality, integrity or availability of network and information systems of CSIRT-IE's constituents. All such incidents should be reported to CSIRT-IE. The level of support given by CSIRT-IE will vary depending on the type and severity of the incident, the constituent and/or constituents impacted and available resources. 4.2 Co-operation, Interaction and Disclosure of Information CSIRT-IE values the importance of operational cooperation and information-sharing between Computer Security Incident Response Teams, and also with other organisations which may contribute towards or make use of their services. CSIRT-IE operates within the confines imposed by EU and Irish national legislation. CSIRT-IE handles all information received in confidence. Information is only distributed to other teams and constituents on a need-to-know basis and, unless otherwise required by law, in an anonymised fashion. CSIRT-IE uses the Traffic Light Protocol as the basis for information exchange. 4.3 Communication and Authentication For normal communication not containing sensitive information, CSIRT-IE will use conventional methods such as unencrypted e-mail. For secure communication involving authentication; PGP encrypted e-mail, the telephone and facsimile are used. 5 Services 5.1 Incident Response CSIRT-IE provides assistance to constituents in handling the technical and organizational aspects of incidents. Advisories on risks, threats and vulnerabilities are provided to constituents on a need-to-know basis. These advisories can include recommendations and mitigating measures. Alerts are provided to specified constituents in response to specific information security intelligence. 5.2 Incident Handling CSIRT-IE provides incident handling services in accordance with S.I. 360 of 2018 to the sectors specified in Schedule 1 and the service providers specified in Schedule 2 of the legislation. 6 Incident Reporting Forms If you wish to report a security incident you should be an agent of a constituent (e.g. an official in a Government department or agency with the authority to make such a report). An incident reporting form is available on request or alternatively an email with brief details of the incident can be sent directly to certreport@ncsc.gov.ie. Members of the public wishing to alert CSIRT-IE to a particular cyber-security related matter may do so using the email address info@ncsc.gov.ie. 7 Disclaimers The National Cyber Security Centre on behalf of CSIRT-IE does not accept any legal liability whatsoever arising from, or connected to, the accuracy, reliability, currency or completeness of any material published on this website or any linked website. We strongly recommend that users exercise their own judgment with respect to the use of this website and carefully evaluate the accuracy, currency, completeness and relevance of the information on this website for their purposes. Links to other websites are provided for users' convenience and do not constitute endorsement of material on those sites or any associated organisation, product or service. Users of this website are also directed to our privacy statement. Information from this website may not be used for commercial purposes, nor can data be copyrighted without agreement from the NCSC.