Monitoring cyberspace and impeding incidents

CERT-EE, established in 2006, is an organisation responsible for the management of security incidents in .ee computer networks. It is also a national contact point for international co-operation in the field of IT security.

Its duty is to assist Estonian Internet users in the implementation of preventive measures in order to reduce possible damage from security incidents and to help them in responding to security threats. CERT-EE deals with security incidents that occur in Estonian networks, start there, or which it has been notified about by citizens or institutions either in Estonia or abroad.

The support provided by CERT Estonia depends on the type and severity of a security incident, on the number of users potentially affected by it and on the resources available to the organisation.

CERT-EE is a member of the CSIRTs Network.

CERT – what is it?

CERT is an organisation that handles security incidents in the framework of CERT activity. CERT organisations exist worldwide and they cooperate closely, share information about information security incidents and give notifications about security hazards.

Aims of CERT-EE:

  • monitoring of the state of information security in Estonia by using received reports and collecting information about information security incidents;
  • preventing security incidents and reducing security risks, mainly by raising awareness and through communication work;
  • assisting institutions regarding security incidents and advising them if they want law enforcement agencies to start an incident investigation.

Activities of CERT Estonia

Handling incidents: receiving incident reports, assigning priorities to incidents according to their severity level, performing incident analysis, responding to incidents, giving assistance in incident response, coordinating incident response activities.

Giving warnings/notices: informing users about security vulnerabilities that have been discovered in the most popular systems and applications in Estonia. Warnings are mainly issued for attacks and vulnerabilities with a high criticality level and for extremely widespread viruses.

Support for institutions and Internet service providers: support for the system administrators, network administrators or customer support staff whom end users should contact in case of security incidents. The extent of CERT Estonia support depends on the type and criticality of the security incident, the extent of the affected environment and the resources available in the team.

Preventive measures: periodic events and media campaigns for raising awareness about information security.

Contacts of CERT-EE

You can use the following methods to send us encrypted messages:

  • CERT-EE’s organisation certificate (CDOC): Riigi Infosüsteemi Amet: CERT
  • PGP public key: 7B96 A5C7 079D 0CAF 9BEA C713 B05D BD10 A32A FB7D

Tools and services of CERT-EE

IRMA – an online virus scanner

A tool for data network users at public authorities and for private cooperation partners, designed for scanning suspicious e-mail attachments and other files of uncertain origin. The advantage of the tool compared to similar tools found online is that uploaded files are not left in unknown locations but are stored on the file server of an Estonian public authority and are regularly deleted.

The ‘Sandbox’ of CERT-EE

A file analysis tool for IT professionals. It allows professionals to monitor, in a secure environment, how operating systems on different virtual and physical platforms behave when a suspicious file is opened.

File transfer environment

The tool enables you to send suspicious files to CERT-EE for analysis. Suitable for phishing e-mails and attachments, malware samples, etc.

The Encrypted DNS app protects against phishing and malware

The Encrypted DNS app protects smart devices against malicious web links and malware. The solution can protect against domains with malicious content that RIA is aware of.

The application blocks malware and phishing attempts and uses DNS to filter out malicious links for the user. The solution works on smart devices running both iOS (iOS 14 and later) and Android (Android 9 and later). For Apple smart devices, the application called Encrypted DNS (by RIA) must first be downloaded from the App Store and then activated. To do this, go to Settings – General – VPN & Device Management – DNS and select Encrypted DNS.

Android has a similar built-in application which does not need to be downloaded separately. To use the solution, you must activate Private DNS under the network settings and set the location of the service to dns.cert.ee. Please note! The solution does not work on Android devices if you want to use a private DNS and VPN service at the same time.

Automated monitoring solution Suricata4All (S4A) 

The solution consists of a central system managed by CERT-EE and sensors that network owners can install at their companies or authorities.

The central system distributes rules to the sensors which are used to identify attacks. The sensors, in turn, send alerts to the central system when they detect malicious traffic. The system also allows its users to record, index, and analyse network traffic. Ask CERT-EE if your company would benefit from using S4A!

Those interested in subscribing to the system must obtain proper hardware and ask CERT-EE to provide them with the sensor installation software ([email protected]).

Information channels

Cyberspace newsletter

CERT-EE produces a daily cyberspace newsletter that summarises cyber and IT news from public sources. As of September 2021, this also includes daily overviews of what has happened in the Estonian cyberspace.

To subscribe to the newsletter, send an e-mail with the subject ‘Subscribe’ to [email protected]. Only the e-mail addresses of authorities/organisations can be used to subscribe (i.e. not Gmail, Hotmail, etc.).

Warnings and notifications of CERT-EE

The fastest way to stay informed about CERT-EE’s notifications and warnings.

Last updated: 23.01.2023