Fulfilling the role of the National CERT team under the Act on cyber security

Under the public contract with the National Security Agency and the Act on cyber security, the CSIRT.CZ team fulfills the role of the National CERT team. Under this Act, the team has the following duties:
a) receives notifications of contact information from the authorities and persons specified in § 3. a) and b), and records and stores the data,
b) receives reports on cyber security incidents from the authorities and persons referred to in § 3. b), and records, preserves and protects these data,
c) evaluates cyber security incidents concerning the authorities and persons referred to in § 3. b),
d) provides methodological support, assistance and cooperation in case of a cyber security incident to the authorities and persons specified in § 3. a) and b),
e) acts as a contact point for the institutions and persons referred to in § 3. a) and b),
f) evaluates vulnerabilities in cyber security.
If you have a question regarding this Act, do not hesitate to contact us at

Incident response

The scope of responsibility of CSIRT.CZ is the entire address space of the Czech Republic. All network administrators who need help with coordination while resolving an incident or a suspected incident can contact us, because such incidents could have a negative impact on other networks. The users of these networks can contact us as well. Further information and guidance on the reporting of incidents can be found here. The CSIRT.CZ team does not have any executive powers and acts more as a coordinator, who can also provide methodological assistance with security issues.

Information on threats in the .CZ domain

We have developed an open source tracker called Malicious Domain Manager for centrally monitoring and addressing threats in the top-level domain. This application acts as a central point for collecting and analyzing information on malicious URLs in the .CZ domain. It also keeps a history of threats in the domains and can directly contact their holders from a dedicated address at

Web Scanner

Our team offers a website penetration testing service that is primarily designed for the public and not-for-profit sectors. This service is offered free of charge. The testing consists of automated and manual tests aimed at finding security vulnerabilities in the web application. Each security finding comes with an estimate of the potential risk and a recommendation for its correction. More information on this service, including how to apply for it, is available here.


In cooperation with the CZ.NIC Academy we regularly organize training courses called "Computer security in practice", where participants can become familiar with the most common types of cyber attacks. Each attack is introduced theoretically and hands-on training follows. After a short introduction, each participant can try the attacks in practice. In addition, various methods of defense and prevention are described during the training. Another training course we provide covers the basic operation and requirements of CSIRT teams. After a mutual agreement, we can also prepare a special educational seminar for your organization. We have experience with courses for police or government and other educational institutions. Courses are taught in Czech only.


If your organization is interested in a lecture or a short presentation on the work of our team or on general cyber security issues, please contact us with your requirements at The theme of the lecture and its central focus can be adjusted according to the target audience (technicians, educational institutions, conferences focusing on safety, etc.). We have experience with lectures for both technical and nontechnical audiences.

Assistance with the establishment of the CERT/CSIRT team

If you want to integrate your security team (CERT/CSIRT) into the global infrastructure, we are ready to assist you. One way of gaining official international recognition at a lower level is to acquire the "listed" status within the Trusted Introducer. We recommend that organizations that want to form an official CERT/CSIRT team contact the National Security Team CSIRT.CZ before placing the official request with Trusted Introducer.

Working groups

The team holds regular meetings of security teams and members of the security community in the Czech Republic. These events usually take place two to three times a year. The main topics include current trends in the field of security, security threats, the development of cooperation between security teams, and the exchange of experience with the prevention and resolution of security incidents. If you are interested in participating in these meetings, please contact us at

Stress tests

After the DoS attacks on important Internet services in the Czech Republic in 2013, CZ.NIC set up a stress-testing laboratory capable of reaching the same or higher capacity as the mentioned DoS attacks. In cooperation with CSIRT.CZ, this service is still available free of charge to all applicants who meet the entry conditions. Performing stress tests on your service requires the consent of all the networks through which your data flows. If you are interested in the stress tests, please contact us at

Intrusion Detection System

In cooperation with CESNET we operate a system for detecting suspicious behavior of systems connected to the Internet. After detecting suspicious connection attempts from specific IP addresses, we immediately inform the responsible administrators of such events through an e-mail address Only connections using TCP are recorded. If you are working on security research, or for other reasons would like to be deleted from the IDS database, please contact us at More information about our IDS is available here.

Operation of honeypots

In the context of security research we run a number of honeypots in cooperation with CZ.NIC Labs. Visualization of attacks in real time can be found at Newly captured malware samples are analyzed and then sent to antivirus companies. We are able to provide you with the newly captured malware samples too. We share the samples on condition that they are used only for security research or for the benefit of users (e.g. by antivirus companies and universities). More information about the software used in the Honeynet project can also be found here.

For the Media

If you are a journalist and have a question regarding current security threats, trends or developments, contact Vilém Sládek, PR manager of CZ.NIC, at