CERT

GAZ-SYSTEM CERT

GAZ-SYSTEM S.A. has established GAZ-SYSTEM CERT, a team to respond to computer security incidents.

Main tasks of GAZ-SYSTEM CERT:

  • Handling and proactively responding to IT security incidents at GAZ-SYSTEM S.A.,
  • Analysing malicious software,
  • Minimising the consequences of IT security incidents,
  • Communicating and cooperating with other sector CSIRT/CERT teams in the area of alerting, handling and mitigating risks related to IT security incidents,
  • Monitoring security of services relevant to the operations of GAZ-SYSTEM S.A,
  • Cooperating with institutions, services and state authorities in the area of cybersecurity,
  • Creating internal policies, regulations and instructions concerning the protection of systems and IT networks of Gaz-System S.A,
  • Training and raising computer threats awareness of employees.

Traffic Light Protocol

Like other cyber security teams, GAZ-SYSTEM CERT uses the Traffic Light Protocol (TLP). The protocol is designed to control and encourage the sharing of information.

What is TLP?

Traffic Light Protocol is a set of rules, grouped into four categories, used to better define the audience of sensitive information. For ease of reference, the categories are marked with four colours (red, amber, green and white). It is up to the organisation from which the information originates to determine which category is appropriate. If the recipient wishes to share the information with a broader audience, he or she must obtain appropriate approval from the author of the message.

Meaning of the TLP colours for message recipients

TLP:RED

Recipients may not share transmitted information with anyone except other recipients of these messages

TLP:AMBER

Recipients may only share information within their organization (and its customers) with those who need to know the messages and only to the extent necessary to take appropriate action

TLP:GREEN

Recipients may share information with their colleagues, within their own and partner organizations, and in their community. However, this information cannot be shared through public information channels

TLP:WHITE

Distribution of the information is not subject to any restrictions (except copyright)

 

Information about the TLP used should be included in the header or footer of a transmitted message, using a notation in the format: "TLP: [Colour]". Traffic Light Protocol does not apply to government secret or confidential information. When contacting GAZ-SYSTEM CERT, please mark the information according to the TLP rules. TLP-marked correspondence should indicate the colour in the subject line and in the body of the email, immediately before the specific information itself.

TLP colour should be indicated in capital letters: TLP: RED, TLP: AMBER, TLP: GREEN or TLP: WHITE

GAZ-SYSTEM CERT contact details

In case of emergencies please contact GAZ-SYSTEM CERT by sending an e-mail to cert@gaz-system.pl

GAZ-SYSTEM S.A.

GAZ-SYSTEM CERT, ul. Mszczonowska 4, 02-337 Warszawa

Emergency phone: +48 22 220 11 11; e-mail: cert@gaz-system.pl

Please include the following information in your application:

  • contact and organisational information,
  • full name and organisation name and address,
  • e-mail address,
  • phone number,
  • IP address(es), FQDN(s) and any other relevant technical items with associated observations,
  • scan results (if any) and/or any parts of logs showing the problem.

In order to maintain confidentiality of the transmitted data, please use the PGP/GPG system while communicating with GAZ-SYSTEM CERT.

GAZ-SYSTEM CERT PGP public key

Description of GAZ-SYSTEM CERT team and policy statement - in accordance with the document RFC 2350 published by the Internet Engineering Task Force:

- in Polish: RFC 2350 PL

- in English: RFC 2350 EN


Copyright © 2016 Gas Transmission Operator GAZ-SYSTEM S.A. All rights reserved.