Mission
csirtPT’s mission is to contribute to the domestic cybersecurity effort in the scope of the National CSIRT Network, namely in the coordination and treatment of responses to security alerts that involve the networks for which Portugal Telecom is directly responsible, to the production of alerts, with mitigation recommendations associated, and in general to the promotion of a culture of Internet security in Portugal with special emphasis on business sectors.
Community Served
csirtPT responds primarily to computer security incidents in the context of networks and services operated by PORTUGAL TELECOM reported by other domestic or foreign CSIRTs, as well as legal authorities, telecommunications operators or bodies that dedicate themselves or deliver relevant services in terms of cybersecurity. Additionally, it collaborates in the response to computer security incidents within the national territory, especially the CSIRTs with which it has established agreements, notably CERT.PT.
Operating policy
csirtPT’s privacy and data protection policy determines that critical information may be conveyed to third parties exclusively in case of real need with prior, express consent of the individual or entity that such information concerns.
Services
- Treatment of Computing Security incidents
csirtPT’s main service is the treatment of computing security incidents. A computing security incident is any action or set of actions performed against a computer or computer network which results or may result in the loss of confidentiality, integrity or performance of a data communication network or computing system, namely unauthorised access, information modification or removal, interference with or denial of service in a computer system.
csirtPT treats computer security incidents in the context of the PT Group’s networks and services in Portugal i.e. incidents in which the origin or target of the attacks is a PT network or service. In case of incidents outside this scope, csirtPT maintains a number of protocols with other entities, which may be activated in case of need.
csirtPT responds to different types of security incidents, according to the classification defined in the Incident Classification Policy, available on the National CSIRT Network.
- Coordination of security incidents
Whenever necessary, csirtPT coordinates the response to incidents among the entities involved. This coordination typically involves the victims of the attacks and ISPs or other CSIRTs involved. Incident coordination includes support for the analysis of the incident, collection and preservation of information about potential victims and communication with these latter or respective CSIRTs. The incident coordination service is performed in the scope of the National CSIRT Network for incidents within the national territory, according to established protocols.
- Dissemination of alerts
csirtPT proposes to gather information received from the security monitoring systems of Portugal Telecom’s networks and to assess the respective criticality level. Based on this latter, the analysed information may result in a security alert, a recommendation or a mere informative note.
This key may be found at the usual key servers on the Internet such as for example http://www.keyserver.net/ or pgp.mit.edu.
Responsibility safeguard
Although every precaution is taken to prepare information disclosed either via the Internet portal or distribution lists, csirtPT does not assume any responsibility for errors, omissions or damages as the result of the use of such information.