CSIRT

SOVEREIGN INTELLIGENCE CSIRT

CSIRT Description Sovereign Intelligence-CERT

-----------------------------

1. About this document

1.1 Date of Last Update

This is version 1.01, published 2021/07/12.

1.2 Distribution List for Notifications

No distribution list exists to notify changes to this document.

1.3 Locations where this Document May Be Found

The current version of this CSIRT description document is

available from the Sovereign Intelligence site; its URL is sovereign.ai/rfc2350

2. Contact Information

2.1 Name of the Team

Sovereign-CERT

2.2 Address

Sovereign Intelligence, LLC

1775 Tysons Blvd. 5th Floor

McLean, VA 22102

2.3 Time Zone

Canada/Eastern (GMT-0500, and GMT-0400 from April to October)

2.4 Telephone Number

Only available internally.

2.5 Facsimile Number

None available.

2.6 Other Telecommunication

None available.

2.7 Electronic Mail Address

cert@sovereign.ai

2.8 Public Keys and Other Encryption Information

Sovereign-CERT has the following PGP Key:

-----BEGIN PGP PUBLIC KEY BLOCK-----

Version: FlowCrypt Email Encryption 8.1.1

Comment: Seamlessly send and receive encrypted email

xjMEYO82axYJKwYBBAHaRw8BAQdAl0iHqfZxZlZ4ECl3AaI4sXPlbPw6Yb65

5Y4xC/aUvx/NIlNvdmVyZWlnbiBDZXJ0IDxjZXJ0QHNvdmVyZWlnbi5haT7C

jwQQFgoAIAUCYO82awYLCQcIAwIEFQgKAgQWAgEAAhkBAhsDAh4BACEJEK80

fIq/FVIaFiEERhr9L9YFAkPBWDBtrzR8ir8VUhqyAAD8Dv8wDqgLei6rpKPo

OS4OVLMls9IrxJVkI2uACR6C14oA/R6viJCBZfJri+pPnD+OIY2SkNuCRxsE

cBGLiDZAESIMzjgEYO82axIKKwYBBAGXVQEFAQEHQOiPQwkxN1JNMY51AnRP

IaSfqF3jPKck6v1wE4FdU1xeAwEIB8J4BBgWCAAJBQJg7zZrAhsMACEJEK80

fIq/FVIaFiEERhr9L9YFAkPBWDBtrzR8ir8VUhr4IwD9H4X7tKRJlY7dMXnQ

UTYu8pEMgCzrA4F6/UGHvpwrh+IA/A3DVSdHV/HjBttpbpfGWRDDN4XWQYeD

L/gzNU5xh64F

=tqI0

-----END PGP PUBLIC KEY BLOCK-----

2.9 Team Members

Sovereign-CERT’s team leader is John Gullette.

2.10 Other Information

General information about the Sovereign Intelligence can be found at: sovereign.ai

2.11 Points of Customer Contact

The preferred method for contacting the Sovereign-CERT is via

e-mail at cert@sovereign.ai; e-mail sent to this address

will "biff" the responsible human, or be automatically

forwarded to the appropriate backup person, immediately. If

you require urgent assistance, put "urgent" in your subject

line.

The Sovereign-CERT’s hours of operation are generally restricted to

regular business hours (09:00-17:00 (ET) Monday to Friday except

holidays).

3. Charter

3.1 Mission Statement

The purpose of the Sovereign-CERT is to provide for Sovereign Customers cyber threat intelligence on how to protect their information infrastructure assets and systems from cyber threats and incidents.

3.2 Constituency

Sovereign-CERT’s constituency are Sovereign Intelligence and the customers of Sovereign Intelligence.

An overview of the organisation and customers of Sovereign Intelligence can be found at: sovereign.ai.

3.3 Sponsorship and/or Affiliation

N/A

3.4 Authority

The Sovereign-CERT expects to work cooperatively with the responsible staff of the Sovereign customers. The authority of the Sovereign-CERT is established by the provisions in the customer contract.

4. Policies

4.1 Types of Incidents and Level of Support

Sovereign-CERT is authorized to address all types of computer security

incidents which occur, or threaten to occur, in our constituency (cf.3.2). The level of support will vary depending on the service level agreement with the constituent and the Sovereign-CERT’s resources at the time.

4.2 Co-operation, Interaction and Disclosure of Information

The Sovereign-CERT cooperates with other organisations in the field of

computer security. This cooperation also includes and often requires

the exchange of vital information regarding security incidents and

vulnerabilities. Nevertheless Sovereign-CERT will protect the privacy of its customers, therefore (under normal circumstances) will pass on information in an anonymized way only unless agreed upon by the constituents.

The Sovereign-CERT operates under the restrictions imposed by United States

law. Therefore it is also possible that - according to United States law -

Sovereign-CERT may be forced to disclose information due to a Court's

order. Please note that Sovereign-CERT is in no way obliged to report

criminal offences to the police.

4.3 Communication and Authentication

Sovereign-CERT protects information in accordance with US and European regulations.

5. Services

5.1 Incident Response

Sovereign-CERT coordinates incident prevention, handling, and response for Sovereign Intelligence; and provides Sovereign customers incident response services according to their service level agreement.

5.1.1 Incident Triage

For Sovereign Intelligence, Sovereign-CERT is responsible for:

- Investigating whether indeed an incident occured.

- Determining the extent of the incident and which customers may be involved.

5.1.2 Incident Coordination

For Sovereign Intelligence, Sovereign-CERT is responsible for:

- Determining the initial cause of the incident

(vulnerability exploited)

- Notify other CSIRTs if appropriate.

5.1.3 Incident Resolution

For Sovereign Intelligence, Sovereign-CERT is responsible for:

- Removing the vulnerability.

- Securing the system from the effects of the incident

5.2 Proactive Activities

For Sovereign Intelligence, Sovereign-CERT is responsible for:

- Intrusion detection

- Vulnerability management

- Mailing Lists to inform the Constituency of important issues.

6. Incident Reporting Forms

There are no local forms developed yet for reporting incidents

to Sovereign-CERT. If possible, please make use of the Incident

Reporting Form of the CERT Coordination Center (Pittsburgh,

PA). The current version is available from:

ftp://info.cert.org/incident_reporting_form

7. Disclaimers

While every precaution will be taken in the preparation of

information, notifications and alerts, Sovereign-CERT assumes no

responsibility for errors or omissions, or for damages

resulting from the use of the information contained within.

Effective as of June 1, 2021

Website Information

CSIRT

Subscribe to The Blog