SOVEREIGN INTELLIGENCE CSIRT

 

 

CSIRT Description Sovereign Intelligence-CERT

-----------------------------

 

   1. About this document

 

   1.1 Date of Last Update

 

        This is version 1.01, published 2021/07/12.

 

   1.2 Distribution List for Notifications

 

        No distribution list exists for notifications of changes to this document.

 

   1.3 Locations where this Document May Be Found

 

        The current version of this CSIRT description document is

        available from the Sovereign Intelligence site; its URL is sovereign.ai/rfc2350

       

   2. Contact Information

 

   2.1 Name of the Team

 

        Sovereign-CERT

 

   2.2 Address

 

        Sovereign Intelligence, LLC

        1775 Tysons Blvd. 5th Floor

        McLean, VA 22102


 

   2.3 Time Zone

 

        Canada/Eastern (GMT-0500, and GMT-0400 from April to October)

 

   2.4 Telephone Number

 

        Only available internally.

 

   2.5 Facsimile Number

 

       None available.

 

   2.6 Other Telecommunication

 

        None available.

 

   2.7 Electronic Mail Address

 

        cert@sovereign.ai

 

   2.8 Public Keys and Other Encryption Information

 

        Sovereign-CERT has the following PGP Key: 

 



 

   2.9 Team Members

 

       Sovereign-CERT’s team leader is John Gullette. 

 

   2.10 Other Information

 

        General information about Sovereign Intelligence can be found at: sovereign.ai

 

   2.11 Points of Customer Contact

 

        The preferred method for contacting the Sovereign-CERT is via

        e-mail at cert@sovereign.ai; e-mail sent to this address

        will "biff" the responsible human, or be automatically

        forwarded to the appropriate backup person, immediately.  If

        you require urgent assistance, put "urgent" in your subject

        line.

 

        The Sovereign-CERT’s hours of operation are generally restricted to

        regular business hours (09:00-17:00 (ET) Monday to Friday except

        holidays).


 

   3. Charter

 

   3.1 Mission Statement

 

        The purpose of the Sovereign-CERT is to provide Sovereign customers with cyber threat intelligence on how to protect their information infrastructure assets and systems from cyber threats and incidents.

 

   3.2 Constituency

 

        Sovereign-CERT’s constituency is Sovereign Intelligence and the customers of Sovereign Intelligence.

 

        An overview of the organisation and customers of Sovereign Intelligence can be found at:  sovereign.ai.

 

   3.3 Sponsorship and/or Affiliation

 

       N/A

 

   3.4 Authority

 

        The Sovereign-CERT expects to work cooperatively with the responsible staff of the Sovereign customers. The authority of the Sovereign-CERT is established by the provisions in the customer contract.

 

   4. Policies

 

   4.1 Types of Incidents and Level of Support

 

        Sovereign-CERT is authorized to address all types of computer security incidents which occur, or threaten to occur, in our constituency (cf. 3.2). The level of support will vary depending on the service level agreement with the constituent and the Sovereign-CERT’s resources at the time.

 

   4.2 Co-operation, Interaction and Disclosure of Information

 

        The Sovereign-CERT cooperates with other organisations in the field of

computer security. This cooperation also includes and often requires

the exchange of vital information regarding security incidents and

vulnerabilities. Nevertheless, Sovereign-CERT will protect the privacy of its customers and therefore (under normal circumstances) will pass on information only in an anonymized way, unless otherwise agreed upon by the constituents.

 

The Sovereign-CERT operates under the restrictions imposed by United States

law. Therefore it is also possible that - according to United States law -

Sovereign-CERT may be forced to disclose information by a court

order. Please note that Sovereign-CERT is in no way obliged to report

criminal offences to the police. 

 

       

   4.3 Communication and Authentication

 

       Sovereign-CERT protects information in accordance with US and European regulations. 

 

   5. Services

 

   5.1 Incident Response

 

        Sovereign-CERT coordinates incident prevention, handling, and response for Sovereign Intelligence; and provides Sovereign customers incident response services according to their service level agreement.

 

   5.1.1 Incident Triage

 

         For Sovereign Intelligence, Sovereign-CERT is responsible for:            

            - Investigating whether an incident indeed occurred.

            - Determining the extent of the incident and which customers may be involved.

 

   5.1.2 Incident Coordination

 

         For Sovereign Intelligence, Sovereign-CERT is responsible for:

            - Determining the initial cause of the incident
              (vulnerability exploited).

            - Notifying other CSIRTs if appropriate.

 

   5.1.3 Incident Resolution

 

         For Sovereign Intelligence, Sovereign-CERT is responsible for:

            - Removing the vulnerability.

            - Securing the system from the effects of the incident.

 

   5.2 Proactive Activities

 

        For Sovereign Intelligence, Sovereign-CERT is responsible for:

            - Intrusion detection

            - Vulnerability management

            - Mailing Lists to inform the Constituency of important issues.

 

   6. Incident Reporting Forms

 

        There are no local forms developed yet for reporting incidents

        to Sovereign-CERT. If possible, please make use of the Incident

        Reporting Form of the CERT Coordination Center (Pittsburgh,

        PA).  The current version is available from:

           ftp://info.cert.org/incident_reporting_form

 

   7. Disclaimers

 

        While every precaution will be taken in the preparation of

        information, notifications and alerts, Sovereign-CERT assumes no

        responsibility for errors or omissions, or for damages

        resulting from the use of the information contained within.