CSIRT Description for GAZ-SYSTEM CERT (English version)
================================

1. About this document

This document contains a description of GAZ-SYSTEM CERT according to RFC 2350. It provides basic information about the CERT and the ways it can be contacted, and describes its responsibilities and the services offered.

1.1 Date of Last Update

This is version 1.30, published 2024/05/09.

1.2 Distribution List for Notifications

Notifications of updates are submitted to Trusted Introducer by e-mail:

1.3 Locations where this Document May Be Found

The current version of this CSIRT description is available on the GAZ-SYSTEM CERT website at:
https://www.gaz-system.pl/pl/o-nas/otoczenie-regulacyjne/systemy-zarzadzania/cert

Please make sure you are using the latest version.

1.4 Authenticating this Document

This document includes the GAZ-SYSTEM CERT PGP signature. The signature and its authenticity can be verified with the GAZ-SYSTEM CERT PGP key as published in 2.8.

2. Contact Information

2.1 Name of the Team

GAZ-SYSTEM CERT

2.2 Address

GAZ-SYSTEM S.A.
4 Mszczonowska Street
02-337 Warszawa, Poland

2.3 Time Zone

Central European Time (CET) - UTC+1
Central European Summer Time (CEST) - UTC+2, according to EU regulations (from the last Sunday of March to the last Sunday of October)

2.4 Telephone Number

+48 22 220 11 11

2.5 Facsimile Number

+48 22 220 16 06 (please note this is NOT a secure fax)

2.6 Other Telecommunication

None available.

2.7 Electronic Mail Address

cert@gaz-system.pl

2.8 Public Keys and Other Encryption Information

GAZ-SYSTEM CERT uses the PGP key:

User ID: GAZ-SYSTEM CERT
Key ID: B41CEA29945F06E5
Key type: RSA
Key size: 2048
Expires: never
Fingerprint: B63E DC0A E0EF D649 D7D4 FF09 19E2 57F3 0113 973D

This key can be received directly from our website:
https://www.gaz-system.pl/pl/o-nas/otoczenie-regulacyjne/systemy-zarzadzania/cert

2.9 Other Information

General information about Operator Gazociagow Przesylowych GAZ-SYSTEM S.A. (hereinafter OGP GAZ-SYSTEM S.A.)
can be found at https://www.gaz-system.pl/pl/o-nas/informacje-ogolne

2.10 Points of Customer Contact

GAZ-SYSTEM CERT prefers e-mail contact. Please use our cryptographic key to ensure communication integrity and confidentiality.

Business hours response only: 08:00-16:00 local time, Monday-Friday, except public holidays in Poland.

Emergency cases: use the GAZ-SYSTEM CERT phone number, backed up by e-mail for all details. The GAZ-SYSTEM CERT phone number is available at all times.

3. Charter

3.1 Mission Statement

Building the competence and capabilities of OGP GAZ-SYSTEM S.A. in avoiding, identifying and mitigating cyber threats.
Supporting OGP GAZ-SYSTEM S.A. in dealing with cyber threats.
Contributing to the national cybersecurity efforts.

3.2 Constituency

The GAZ-SYSTEM CERT constituency includes all IT systems owned and managed by GAZ-SYSTEM S.A.

3.3 Sponsorship and/or Affiliation

GAZ-SYSTEM CERT is an internal unit of OGP GAZ-SYSTEM S.A., the TSO (transmission system operator) for gas. It is financed by OGP GAZ-SYSTEM S.A.

GAZ-SYSTEM CERT is affiliated with the Trusted Introducer (https://www.trusted-introducer.org/directory/teams/gaz-system-cert.html).

3.4 Authority

GAZ-SYSTEM CERT operates under the auspices of, and with authority delegated by, the management of OGP GAZ-SYSTEM S.A. and is bound by its internal terms. GAZ-SYSTEM CERT handles and coordinates incidents on behalf of OGP GAZ-SYSTEM S.A.

4. Policies

4.1 Types of Incidents and Level of Support

GAZ-SYSTEM CERT is authorized to address all types of IT system incidents which occur, or threaten to occur, in its constituency. The classification of incidents and the way they are handled are defined in the regulation regarding management of cybersecurity incidents in OGP GAZ-SYSTEM S.A.
The level of support given by GAZ-SYSTEM CERT varies depending on the type and severity of the incident or issue, the type of constituent, the size of the user community affected, and the availability of GAZ-SYSTEM's resources at the time. Incidents will be prioritized according to their severity and extent.

4.2 Co-operation, Interaction and Disclosure of Information

GAZ-SYSTEM CERT declares that all information related to the incidents it handles is considered Confidential. Information that is evidently sensitive (such as personal data or system configurations) or that may be harmful is handled only in a secure environment and is encrypted in storage and in transit.

When reporting an incident and providing sensitive information, please use encryption or contact GAZ-SYSTEM CERT to arrange a different channel of secure communication.

GAZ-SYSTEM CERT declares full support for the Information Sharing Traffic Light Protocol (https://www.first.org/tlp/). Information sent in and labelled according to ISTLP will be handled appropriately.

Information submitted to GAZ-SYSTEM CERT may be distributed on a need-to-know basis to trusted parties (such as ISPs or other CERT teams) for the sole purpose of incident handling.

4.3 Communication and Authentication

GAZ-SYSTEM CERT uses PGP encryption to ensure the confidentiality and integrity of communication. All sensitive information sent in should be encrypted.

Messages regarding incidents are sent by GAZ-SYSTEM CERT staff signed with our main PGP key (see 2.8) and encrypted.

GAZ-SYSTEM CERT reserves the right to verify the authenticity of information or its source to the extent allowed by the law.

5. Services

5.1 Incident Response

GAZ-SYSTEM CERT will assist OGP GAZ-SYSTEM S.A. in handling the technical and organizational aspects of security incidents.
GAZ-SYSTEM CERT capabilities cover the full cycle of incident response:
- handling
- managing
- resolving
- mitigating

5.1.1 Incident Triage

The service involves:
- prioritizing the incident according to its apparent severity and extent,
- investigating whether an incident indeed occurred,
- determining the extent of the incident.

5.1.2 Incident Coordination

Coordination of work carried out only within the internal structure of OGP GAZ-SYSTEM S.A.

5.1.3 Incident Resolution

- advising and coordinating local teams on appropriate actions,
- following up on the progress of the local team involved,
- asking for reports,
- reporting back.

5.2 Proactive Activities

GAZ-SYSTEM CERT makes an effort to enhance its constituents' immunity to security incidents and to limit the impact of incidents that occur.

6. Incident Reporting Forms

There are no specific forms developed for reporting incidents to GAZ-SYSTEM CERT. The above-mentioned regulation regarding management of cybersecurity incidents in OGP GAZ-SYSTEM S.A. also defines the set of information needed for reporting incidents to GAZ-SYSTEM CERT, but you can use the e-mail contact directly, with the proper information, when needed.

In case of emergency or crisis, please provide GAZ-SYSTEM CERT with at least the following information:
- contact details and organizational information: name and surname, organization name and address, email address, telephone number;
- IP address(es), FQDN(s), and any other relevant technical element with associated observation;
- scanning results (if any) and/or any extract from the log showing the issue/problem.

7. Disclaimers

While every precaution will be taken in the preparation of information, notifications and alerts, GAZ-SYSTEM CERT assumes no responsibility for errors or omissions, or for damages resulting from the use of the information contained within.