CARICERT Profile
Established according to RFC-2350.
1. Document Information
1.1. Date of Last Update
This is version 4 of 05 May 2014.
1.2. Distribution List for Notifications
This profile is kept up-to-date on the location specified in 1.3.
E-mail notification of updates will be sent to:
- All CARICERT members and employees of the Curaçao Bureau Telecommunication and Post (BT&P)
- All registered CARICERT constituents
- Any such parties with which CARICERT has an explicitly defined working relationship
- The FIRST (worldwide), LACNIC (South America) and Trusted Introducer (Europe) CSIRT communities
Any questions about updates please address to the CARICERT e-mail address.
1.3. Locations where this Document May Be Found
The current version of this profile is always available on
https://www.caricert.cw/about-us/caricert-profile/
.
2. Contact Information
2.1. Name of the Team
Full name: CARICERT Short name: CARICERT CARICERT is the national CERT or CSIRT of Curaçao.
2.2. Address
Bureau Telecommunication and Post CARICERT Beatrixlaan 9 Curaçao
2.3. Time Zone
GMT/UTC-4 (No DST)
2.4. Telephone Number
+5999 4631700
2.5. Facsimile Number
+5999 7364157 Note: this is not a secure fax, but it is situated within the secure CARICERT premises.
2.6. Other Telecommunication
Not available.
2.7. Electronic Mail Address
cert@caricert.cw
This address can be used to report all security incidents to which relate to the CARICERT constituency,
2.8. Public Keys and Encryption Information
PGP/GnuPG is supported for secure communication. CARICERT provides all CARICERT team members with keys, to be used for signing and encryption. For general use, CARICERT has 2 keys which are replaced annually (2014 is the current year):
- CARICERT 2014 ** Encryption Only ** Key cert@caricert.cw : please use this key when you want/need to encrypt messages that you send to CARICERT (please sign your messages using your own key – it really helps when that key can be found on the public keyservers)
- CARICERT 2014 ** Signing Only ** Key : when due, CARICERT will sign messages using this key.
The current CARICERT team-keys can both be found
here
and are also present on the public keyservers (e.g. https://pgp.surfnet.nl ).
2.9. Team Members
No information about the CARICERT team members is provided in public.
2.10. Other Information
- See the CARICERT webpages https://www.caricert.cw .
- CARICERT has applied for FIRST membership and Accreditation by the Trusted Introducer.
2.11. Points of Customer Contact
Regular cases: use CARICERT e-mail address. Regular response hours: Monday-Friday, 08:00-17:00 (except public holidays in Curaçao). EMERGENCY cases: send e-mail with URGENT in the subject line.
3. Charter
3.1. Mission Statement
The mission of CARICERT is to co-ordinate the resolution of IT security incidents related to their constituency (see 3.2), and to help prevent such incidents from occurring by means of announcements, alerts, warnings and advice.
3.2. Constituency
CARICERT is the national CERT or CSIRT of Curaçao. Therefore the country of Curaçao is the main constituency. Priorities lie with the following sectors:
- Telecom / IT
- Finance
- Utilities (Energy, water, airport, etcetera)
- Government
CARICERT is set-up to deliver services to their registered constituents. Registration can also be on contract basis for specific services and as such is open to similar sectors in the Caribbean area outside Curaçao. The constituency includes:
- *.an (old Netherlands Antilles tld – is being phased out) as far as based on Curaçao
- *.cw (new Curaçao tld)
- all computer systems and IP-addressable devices situated on Curaçao
- any other systems/networks belonging to other registered constituents
3.3. Sponsorship and/or Affiliation
CARICERT is part of the Curaçao Bureau Telecommunication and Post (BT&P).
3.4. Authority
The team coordinates security incidents on behalf of the country of Curaçao and of their registered constituents – and has no authority reaching further than that. The team is however expected to make tactical and operational recommendations in the course of their work. Such recommendations can include but are not limited to (temporarily) blocking or filtering addresses or networks. The implementation of such recommendations is not a responsibility of the team, but solely of those to whom the recommendations were made.
4. Policies
4.1. Types of Incidents and Level of Support
All incidents are considered normal priority unless they are labeled URGENT, in which case they are high priority. CARICERT itself is the authority that can set high priority back to normal – and the other way around. An incident can be reported to CARICERT as URGENT, but it is up to CARICERT to decide whether or not to uphold the high priority status.
4.2. Co-operation, Interaction and Disclosure of Information
ALL incoming information is handled securely by CARICERT, regardless of its priority. Information that is evidently sensitive in nature is only communicated and stored in a secure environment, if necessary using encryption technologies. When reporting an incident of sensitive nature, please state so explicitly, e.g. by using the label CONFIDENTIAL in the subject field of e-mail, and if possible using encryption as well. CARICERT supports the Information Sharing Traffic Light Protocol (ISTLP – see https://www.trusted-introducer.org/links/ISTLP-v1.1-approved.pdf ) – information that comes in with the tags WHITE, GREEN, AMBER or RED will be handled appropriately. CARICERT will use the information you provide to help solve security incidents, as all CERTs do. This means that by default the information will be distributed further to the appropriate parties – but only on a need-to-know base, and preferably in an anonymised fashion. If you object to this default behavior of CARICERT, please make explicit what CARICERT can do with the information you provide. CARICERT will adhere to your policy, but will also point out to you if that means that CARICERT cannot act on the information provided. CARICERT does not report incidents to law enforcement, unless national law requires so. Likewise, CARICERT only cooperates with law enforcement EITHER in the course of an official investigation – meaning that a court order is present – OR in the case where a constituent requests that CARICERT cooperates in an investigation. When a court order is absent, CARICERT will only provide information on a need-to-know base.
4.3. Communication and Authentication
See 2.8 above. Usage of PGP/GnuPG in all cases where highly sensitive information is involved is highly recommended. In cases where there is doubt about the authenticity of information or its source, CARICERT reserves the right to authenticate this by any (legal) means.
5. Services
5.1. Incident Response (Triage, Coordination and Resolution)
CARICERT is responsible for the coordination of security incidents somehow involving their constituency (as defined in 3.2). CARICERT therefore handles both the triage and coordination aspects. Incident resolution is left to the responsible administrators within the constituency – however CARICERT will offer support and advice on request.
5.2. Proactive Activities
CARICERT pro-actively advises their constituency in regard to recent vulnerabilities and trends in hacking/cracking, and also of ongoing attacks/threats when known/reported to CARICERT. This role is one of advice only: CARICERT is not responsible for implementation.
6. Incident reporting Forms
Not available. Preferably report in plain text using e-mail – or use the phone.
7. Disclaimers
None.