National CERT (CERT.hr) is a department within Croatian Academic and Research Network – CARNET which was established in accordance with the Information Security Act of the Republic of Croatia (Chapter 5). According to this Act, CERT.hr is a national body for prevention from cyber threats and protection of the security of public information systems in the Republic of Croatia. The department’s main task is handling computer security incidents to preserve the security of information systems in Croatia.
CERT.hr department deals with incidents if one of the parties of the incident is in the Republic of Croatia (i.e. if it is in the .hr domain or Croatian IP address range), excluding the government bodies which fall under the constituency of Information Systems Security Bureau (ZSIS). Furthermore, according to the Act on cybersecurity of operators of essential services and digital service providers CERT.hr is declared as an authorized CSIRT for all key service operators in banking, financial market infrastructure, digital infrastructure, business services for state authorities (in the scope of government bodies competent for science and education) and digital service providers.
Co-operation
In the field of cybersecurity in Croatia, CERT.hr cooperates with nationally relevant bodies and participates in the activities of bodies founded from the National Cyber Security Strategy: Operational and Technical Cyber Security Coordination Group. In addition to monitoring the implementation of the Strategy and its Action Plan, these inter-ministerial bodies are entrusted with certain tasks related to management in cyber crises.
- National Cyber Security Council
- Operational and Technical Cyber Security Coordination Group
Memberships
- CSIRT Network is a network composed of EU Member States’ appointed CSIRTs and CERT-EU which was established through Article 12 of the NIS Directive to contribute to developing confidence and trust between the Member States and to promote swift and effective operational cooperation.
- FIRST (Forum of Incident Response and Security Teams) is an international confederation of CSIRTs across the world that are working together to resolve computer security incidents and promote prevention programs.
- TF-CSIRT (Task Force CSIRT) is a working group that promotes cooperation and coordination between CSIRTs in Europe and neighboring regions while establishing links with relevant organizations globally and in other regions.
- TI (Trusted Introducer) is a program that represents a reliable backbone of team infrastructure services and maintains a list of known, accredited, and certified teams according to their demonstrated and verified level of maturity. It is one of the three elements that form the core of the TF-CSIRT portfolio in addition to Working Group Meetings and TRANSITS. CERT.hr has been an accredited member since 2010.
Services
CERT.hr services are available to the general public. The operation of CERT.hr is partly funded by the Ministry of Science and Education, and partly by the European Union through various EU projects.
CERT.hr implements proactive and reactive measures within its activities.
Proactive measures:
- security advisories
- monitoring of computer security technologies
- dissemination of information in the field of computer security
- rising awareness of the importance of computer security
- computer security education and training
- vulnerability assessment for CARNET member institutions
- issuance of electronic certificates for CARNET member institutions
- security testing of CARNET services, as well as services and applications which need access to eMatica system
Reactive measures:
National CERT engages with its resources in helping to resolve significant incidents that are defined according to the following priorities:
- incidents that pose a threat to human lives
- incidents that have a significant impact on essential services or key service providers
- incidents of major importance
- new types of malicious attacks
- other incidents
National CERT’s scope of operation does not include:
- operational troubleshooting and safety concerns of individual systems
- punishment of malicious users
- arbitration in disputes
- initiating criminal charges
Projects
CERT.hr, in addition to its regular activities within its legal constituency, implements and participates in the implementation of national and European projects.
Contact
General inquiries: cnre@tectrh.r
Incident reporting: niicedtnc@re.trh (We recommend following instructions to correctly report an incident!)
Submission of reports about significant incidents from key service operators and digital service providers kz-sniicedtnc@re.trh
Press inquiries and media contact: press@carnet.hr
Address
CARNET
Department for National CERT
Josipa Marohnića 5
10000 Zagreb
Hrvatska
Telephone: +385-1-666-1-650
Telefax: +385-1-666-1-767
Public PGP public key:
- National CERT supports the use of the PGP cryptographic system. The signed public key can be found on all major PGP key exchange servers or here.
- KeyID: 0xFCA254BB Fingerprint: E54B B60A C4D1 45E7 0FF4 CC5B E35C DB85 FCA2 54BB
Time zone:
- UTC + 0100 – CET (Central European Time)
- UTC + 0200 – CEST (Central European Summer Time: last Sunday in March – last Sunday in October)
More information on activities, constituency, and services offered by CERT.hr is available in RFC 2350 (CSIRT Specification).