CSIRT.CZ is the National CSIRT of the Czech Republic. The Czech National CSIRT is operated on the basis of public contract arranged with the National Security Authority in December 2015. Team CSIRT.CZ fulfills the role of National CERT team as defined in the Act on Cybersecurity.
As of 1 January 2011, CSIRT.CZ is administered by the CZ.NIC association. Today it has 8 members, all employees of the CZ.NIC association.
The first Memorandum about fulfilling the role of National CERT was concluded between the Czech Ministry of Interior and the CZ.NIC association on December 16th 2010. You can find more details about this occasion in the press release at the CZ.NIC website. When National Security Authority took charge of cyber security issues in 2011 the memorandum with Ministry of Interior was supresed by the new memorandum with National Security Authority. First memorandum about fulfilling the role of National CSIRT came into effect on April 1st 2012. Later on it was replaced by the second memorandum which came into effect on January 1st 2013.
Team CSIRT.CZ has been an accredited member in Trusted Introducer since 2011 and became member of FIRST in 2015.
Tasks of CSIRT.CZ in the Czech Republic are as follows:
To maintain foreign relations – with the global community of CERT/CSIRT teams as well as with organisations supporting the community.
To cooperate with various entities across the country – ISPs, content providers, banks, security organs, institutions in the academic sphere, public authorities and other institutions.
To provide security services such as:
The CSIRT.CZ team is responsible for the territory of the Czech Republic, i.e. all users and networks operated in the Czech Republic fall under the responsibility of CSIRT.CZ.
Annual reports are available in Czech only.
The CSIRT.CZ team was established under the Cyber threats and Czech Republic’s security interests grant. Its aim was to establish a model CSIRT practice and to map the ability of network and service provider in the Czech Republic to cooperate in addressing security incidents.
The task was to establish a model CSIRT.CZ practice under the Cyber threats and Czech Republic’s security interest grant was assigned to the CESNET association. As CESNET had put together the first official CSIRT team in the Czech Republic – the CESNET-CERTS team, it had experience with both the establishment and functioning of a CSIRT team. Moreover, CESNET can also rely on its relations with the global community of CERT/CSIRT teams necessary to incorporate the new team into the global infrastructure.
Once the technical and organisational background was set up (in 2007) and with the support of CESNET-CERTS, the CSIRT.CZ team was accepted by the global community – CSIRT.CZ was listed among teams officially recognised by the Trusted Introducer. In the Czech Republic, CSIRT.CZ assumed the responsibility of the national and government CSIRT team as defined by the CERT/CSIRT terminology.
Between 2008 and 2010 it became clear that it was necessary to establish a national and government CSIRT team in the Czech Republic. Subsequently in December 2010, a Memorandum establishing the CSIRT.CZ as the National CSIRT of the Czech Republic was concluded between the Czech Ministry of Interior and the CZ.NIC association.
On 1 April, the agreement with the Ministry of the Interior of the Czech Republic was superseded by a new memorandum with the National Security Authority . This document concerns the management of the work of the CSIRT.CZ security team.
Bigger formal change in the field of cyber security is represented by Act on Cyber Security (in czech only) approved in 2014. Since 01.01.2015 the Act is in effect and among the others it defines two high-level teams(governmental CERT and national CERT) and their competences. Governmetal CERT is operated by National Cyber Security Centre which is part of National Security Authority. In august 2015 team CSIRT.CZ was chosen for fulfilling the role of national CERT. As an effect in december 2015 public contract (in czech only) was signed between CZ.NIC association and National Security Authority.