About CERT Estonia
CERT Estonia, established in 2006, is an organisation responsible for the management of security incidents in .ee computer networks. Its duty is to assist Estonian Internet users in the implementation of preventive measures in order to reduce possible damage from security incidents and to help them in responding to security threats. CERT Estonia deals with security incidents that occur in Estonian networks, start there, or which it has been notified about by citizens or institutions either in Estonia or abroad.
The support provided by CERT Estonia depends on the type and severity of a security incident, on the number of users potentially affected by it and on resources available for the organisation.
Activities of CERT Estonia:
- Handling incidents: accepting reports, prioritising incidents according to their level of criticality, analysis, responding to incidents and technical support for solving the incidents. For simultaneous incidents, CERT will coordinate the response to such incidents.
- Giving warnings/notices: gives the users information about security gaps, which have been discovered in most popular systems and applications in Estonia. Warnings are mainly given to the attacks and security gaps with a high criticality level and for extremely widespread viruses.
- Support for institutions and Internet service providers: support for system administrators, network administrators or customer support that the end users should contact in case of security incidents. The extent of CERT Estonia support depends on the type and criticality of the security incident, the extent of the influenced environment and the resources available in the team.
- Preventive measures: periodic events and media campaigns for raising awareness about information security.
CERT – what is it?
CERT is an organisation that handles security incidents in the framework of CERT activity. CERT organisations exist worldwide and they cooperate closely, share information about information security incidents and give notifications about security hazards.
About security incidents
Security incident is a situation where the confidentiality, integrity and the processability of the information system and/or the information of an organisation, institution or a person is being violated. Security incidents are also situations where somebody else’s information system is used without an authorisation or its functionality is being deliberately interfered with.
Security incidents are prioritised according to their potential severity and scope. The following aspects are taken into account in the prioritisation of security incidents:
- the number of affected users;
- the type of an incident;
- the target of an attack as well as the attack’s point of origin;
- resources required to handle the incident.
High-priority incidents include, for instance: attacks that may jeopardise people’s lives, attacks on Internet infrastructure (name servers, major network nodes and large-scale automatic attacks on web servers), etc.
As CERT Estonia does not provide services to end users, the latter should, in case of security incidents, turn to system administrators either at their Internet service provider or in their organisation, to network administrators or customer support.