CERT
GAZ-SYSTEM S.A. has established GAZ-SYSTEM CERT, a team to respond to computer security incidents.
Main tasks of GAZ-SYSTEM CERT:
- Handling and proactively responding to IT security incidents at GAZ-SYSTEM S.A.,
- Analysing malicious software,
- Minimising the consequences of IT security incidents,
- Communicating and cooperating with other sector CSIRT/CERT teams in the area of alerting, handling and mitigating risks related to IT security incidents,
- Monitoring security of services relevant to the operations of GAZ-SYSTEM S.A,
- Cooperating with institutions, services and state authorities in the area of cybersecurity,
- Creating internal policies, regulations and instructions concerning the protection of systems and IT networks of Gaz-System S.A,
- Training and raising computer threats awareness of employees.
Like other cyber security teams, GAZ-SYSTEM CERT uses the Traffic Light Protocol (TLP). The protocol is designed to control and encourage the sharing of information.
What is TLP?
Traffic Light Protocol is a set of rules, grouped into four categories, used to better define the audience of sensitive information. For ease of reference, the categories are marked with four colours (red, amber, green and white). It is up to the sender from which the information originates to determine which category is appropriate. If the recipient wishes to share the information with a broader audience, he or she must obtain appropriate approval from the sender.
The TLP label should be in the subject line of email. TLP-labeled documents must indicate the TLP label of the information, as well as any additional restrictions, in the header and footer of each page.
Traffic Light Protocol does not apply to government secret or confidential information.
When contacting GAZ-SYSTEM CERT, please mark the information according to the TLP rules. TLP colour should be indicated in capital letters: TLP:RED, TLP:AMBER, TLP:GREEN or TLP:CLEAR.
Meaning of the TLP colours for message recipients
TLP:RED = for the eyes and ears of individual recipients only, no further disclosure. Recipients may therefore not share TLP:RED information with anyone else. In the context of a meeting, for example, TLP:RED information is limited to those present at the meeting.
TLP:AMBER = limited disclosure, recipients can only spread this on a need-to-know basis within their organization and its clients. Note that TLP:AMBER+STRICT restricts sharing to the organization only. Recipients may share TLP:AMBER information with members of their own organization and its clients, but only on a need-to-know basis to protect their organization and its clients and prevent further harm. Note: if the source wants to restrict sharing to the organization only, they must specify TLP:AMBER+STRICT
TLP:GREEN = limited disclosure, recipients can spread this within their community. Recipients may share TLP:GREEN information with peers and partner organizations within their community, but not via publicly accessible channels. TLP:GREEN information may not be shared outside of the community. Note: when “community” is not defined, assume the cybersecurity/defense community
TLP:CLEAR = recipients can spread this to the world, there is no limit on disclosure. Subject to standard copyright rules, TLP:CLEAR information may be shared without restriction.
GAZ-SYSTEM CERT contact details
In case of emergencies please contact GAZ-SYSTEM CERT by sending an e-mail to cert@gaz-system.pl.
GAZ-SYSTEM S.A.
GAZ-SYSTEM CERT, ul. Mszczonowska 4, 02-337 Warszawa
Emergency phone: +48 22 220 11 11; e-mail: cert@gaz-system.pl
Please include the following information in your application:
- contact and organisational information,
- full name and organisation name and address,
- e-mail address,
- phone number,
- IP address(es), FQDN(s) and any other relevant technical items with associated observations,
- scan results (if any) and/or any parts of logs showing the problem.
GAZ-SYSTEM CERT PGP public key
Description of GAZ-SYSTEM CERT team and policy statement - in accordance with the document RFC 2350 published by the Internet Engineering Task Force:
- in Polish: RFC 2350 PL
- in English: RFC 2350 EN