1 Document information
This document contains a description of CERT-IS in accordance with RFC-2350.
1.1 Date of Last Update
This document was updated on 2023-01-05.
1.2 Distribution List for Notifications
No explicit distribution list for notifications is implemented. Constituents and other interested parties are directed to the current on-line version.
1.3 Locations Where This Document May Be Found
The current version of this profile is always publicly available on https://www.cert.is/um-cert-is/rfc2350
2 Contact Information
2.1 Name of the Team
Full name: Computer Emergency Response Team - Iceland
Short name: CERT-IS
The Electronic Communications Office of Iceland (ECOI)
2.3 Time Zone
Greenwich Mean Time (GMT-0) is in effect throughout the whole year.
Summer or Winter time adjustments are never used.
2.4 Telephone Number
ECOI main switchboard: +354-510-1500
2.5 Facsimile Number
+354-510-1509 (NOTE not a secure fax) - mark CERT-IS clearly on any facsimile material
2.6 Other telecommunications
TETRA encrypted radio communications with other responders, as well as those constituents so equipped
Duty Officer’s on-call mobile number is made available to constituents upon request and belonging to managed teams of critical infrastructure.
2.7 Electronic Mail Address
Team e-mail: email@example.com (PGP 0x13E9308B)
Report phishing links: firstname.lastname@example.org
2.8 Public Keys and Encryption Information
CERT-IS supports PGP/GnuPG for secure communications. The current keys for our e-mail addresses can be found at https://www.cert.is/pgp, as well as on keyservers at Symantec PGP directory and OpenPGP.
Fingerprints and other key information can also be found at CERT-IS Twitter handle.
Please use the appropriate PGP keys when you encrypt messages that you send to CERT-IS. When relevant, CERT-IS will sign messages using the same key. Please sign your messages using your own key. It helps if the key is verifiable using public keyservers, or the fingerprint is verifiable from a separate source. Please ensure CERT-IS can locate your public key if you want to communicate securely with CERT-IS.
2.9 Team Members
Please use our team e-mail address when you need to establish contact with individual team members.
Member of established support groups for Critical Infrastructure are given contact information for supporting CERT-IS staff.
2.10 Other information
Refer to the CERT-IS web page - https://www.cert.is.
2.11 Points of Customer Contact
Refer to our telephone numbers and e-mail addresses. CERT-IS regular response hours are 8:00 to 16:00 Monday-Friday, except Icelandic public holidays, otherwise on best-effort basis. CERT-IS operates on-call duty officer service available 24 hours every day of the year for organizations defined as critical infrastructure.
3.1 Mission Statement
The mission of CERT-IS is to reduce cyber-risk in the networks and computer systems of it’s constituents, monitor cyber-threats and vulnerabilities and assist in coordinating and mitigating incidents.
CERT-IS acts as the national point-of-contact for matters related to cyber security in Iceland, and as such, develops cooperation and information exchange with partners in other countries. CERT-IS assists on best-effort basis in reducing risk and mitigating incidents that occur in or affect Icelandic networks and systems.
CERT-IS continuously assesses the status of the Icelandic constituency through information gathering and analysis. The situation as reflected by the analysis is disseminated to the constituency in an effort to incrementally improve the overall status of cyber security. In certain cases CERT-IS can issue binding directives to it’s constituents regarding cybersecurity issues.
CERT-IS contributes to the overall cyber security in Iceland by providing alerts and contributing to publicly available educational material.
CERT-IS operates a SOC for eligible government entities and can enter into a contract to provide certain cybersecurity services to eligible entities.
CERT-IS is the national CERT of Iceland and as such the national point-of-contact for cyber security related incidents.
By law, the constituency of CERT-IS are registered telecommunications operators in Iceland, critical infrastructure providers and certain eligible government entities as well as parties that have contracted for the services of the team.
CERT-IS is the CSIRT of last-resort, i.e. directs incident reports to the parties most suitable to handle them effectively. CERT-IS welcomes all incident reports of significance to Icelandic interests regardless of the reporter’s nationality or affiliation.
A complete description of the constituency is available at the CERT-IS homepage.
3.3 Sponsorship and/or Affiliation
CERT-IS an organisational unit under the Electronic Communications Office of Iceland (ECOI)
CERT-IS coordinates security incidents on behalf of its constituency in accordance with Icelandic laws. As a coordinating and advisory body, CERT-IS advises constituents and has limited authority to issue binding directives to constituents that are defined as critical infrastructure. However, CERT-IS is expected to make operational recommendations regarding cyber security, including best practices, vulnerabilities and vulnerability management, mitigation of incidents and incident handling. Recommendations in handling individual incidents may include mitigating measures such as temporarily blocking IP addresses or networks and disabling potentially malicious webs. Implementation is solely the responsibility of the parties that receive and implement the recommendations or directives of CERT-IS.
The authority and mandate of CERT-IS is further detailed in Icelandic laws and regulations, including
4.1 Types of Incidents and Level of Support
CERT-IS accepts and triages all incidents reported, regardless of the affected sector or party. Incidents are prioritized and handled on a best-effort basis after triage. Incidents believed to affect the constituency of CERT-IS are prioritized.
CERT-IS advises the National Commissioner of the Icelandic Police
on escalation and handling of critical incidents, such as those that potentially affect the security of the country or population at large.
4.2 Co-operation, Interaction and Disclosure of Information
CERT-IS handles all incoming information confidentially, regardless of its source and priority. When reporting an incident of sensitive nature, please state so explicitly, e.g. by using the label SENSITIVE or CONFIDENTIAL in the subject of the e-mail message. Encryption of sensitive material in e-mail messages is highly recommended.
CERT-IS observes the Traffic Light Protocol (TLP) and handles information labeled as CLEAR, GREEN, AMBER, AMBER+STRICT and RED accordingly.
CERT-IS will use information provided to help mitigate security incidents, as all CERTs do. CERT-IS will respect TLP and other confidentiality labels but reserves the right to act on all actionable indications of threats and malicious behavior that can be of threat to the constituency. Information will be anonymized as far as practical and disseminated on a need-to-know basis. Please state clearly in communications if you object to this practice and wish to impose stricter limitations on dissemination. CERT-IS will respect your policy but will also point out if that means that CERT-IS cannot act on the information provided.
of incidents and risks that may lead to serious impact on critical infrastructure, national security or the general public.
CERT-IS is obliged to notify the relevant authorities of critical incidents reported by operators of essential services and digital services providers under the provisions of law 78/2019.
CERT-IS operates under the restrictions imposed by Icelandic law.
4.3 Communication and Authentication
Usage of PGP/GnuPG or other pre-approved, cryptographic means is highly recommended in cases where sensitive information is submitted to CERT-IS, both for signing and encryption. In particular, use of PGP keys is highly recommended when sending material labeled as TLP:AMBER or higher to CERT-IS. Please advise CERT-IS of your public PGP keys if you wish to receive encrypted communications from CERT-IS. Please contact CERT-IS if you are unable or not willing to use PGP encrypted e-mail communications for advice regarding secure exchange of sensitive information.
CERT-IS reserves the right to verify the authenticity of information provided and/or sources by any legal means. CERT-IS authenticates all communications by signing with either the team key or by keys belonging to one of it’s staff.
5.1 Reactive Services (Incident Response, Triage, Co-ordination and Resolution)
CERT-IS triages and coordinates reported security incidents that involve its constituents as defined in and for the prioritization of incidents.
CERT-IS reserves the right to reject or redirect any incident report that is believed to be out-of-scope for its mandate. CERT-IS prioritizes incidents according to the affected constituency and severity and reserves the right to reject or handle at a best-effort basis any incidents received during periods of high demand.
CERT-IS incident handling is limited to co-ordination, consultation and information dissemination as needed to mitigate the immediate threat posed by a cyber incident. Preventive or mitigating actions are the responsibility of the owners/operators of the affected systems, whether or not those parties are constituents. CERT-IS offers support and advice as requested. CERT-IS is not responsible for implementation of recommended preventive or mitigation measures.
CERT-IS may additionally handle incident forensics as part of it’s SOC services provided to select eligible and contracted constituents. The constituent has the responsibility of acquiring and providing any equipment or data or access to thereof to assist in the forensics process.
5.2 Proactive Services
CERT-IS proactively advises their constituents regarding vulnerabilities and cyber security threats and trends. Reports are produced on a regular basis and disseminated to a) the public, b) groups of constituents, c) national cyber security council and the national security council or d) individual constituents. Reports may be restricted in accordance with TLP as appropriate. CERT-IS is not responsible for the implementation of recommended policies.
CERT-IS contributes to public cybersecurity awareness by producing public advisories and cooperating with public interest groups.
6 Incident Reporting Forms
Please report incidents in plain text via e-mail (PGP encrypted if possible) or by phone. Operators of essential services and digital services providers can utilize an electronic form available at https://cert.is/leidbeiningar-i-atvikum/tilkynna-atvik/ or alternatively https:/oryggisatvik.island.is to report incidents.
While every precaution is taken in the preparation of information, notifications and alerts, CERT-IS assumes no responsibility for errors or omissions, or for damages resulting from the use of information contained within.