-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 1. Document Information This document contains a description of the National Cyber Security Centre of Ireland's (NCSC-IE) Computer Security Incident Response Team (CSIRT-IE) in accordance with RFC 2350. It provides fundamental information about the CSIRT-IE team, its channels of communication, and its roles and responsibilities. 1.1 Date of Last Update Version 3.0 - November 18th, 2025 1.2 Distribution List for Notifications There is no dedicated public distribution list; information dissemination is primarily handled through the services described in Section 5. 1.3 Locations where this Document May Be Found The current version of this document can be found on the NCSC website; its URL is: https://www.ncsc.gov.ie/pdfs/RFC2350%20NCSC-IE.txt 1.4 Authenticating this document This document has been signed with the NCSC-IE PGP key. The signature is also available on our website at URL: https://www.ncsc.gov.ie/PGP/pgpkey.asc 2. Contact Information 2.1 Name of Team Computer Security Incident Response Team for Ireland (CSIRT-IE) 2.2 Address CSIRT-IE, National Cyber Security Centre, Department of Justice, Home Affairs and Migration, Tom Johnson House, Haddington Road, D04K7X4, Ireland. 2.3 Time Zone Co-ordinated Universal Time + 01:00 (UTC + 1) during British Summer Time (BST). UTC, alternatively known as Greenwich Mean Time (GMT), for the remainder of the year. 2.4 Telephone Number +353 1 6782333 2.5 Other Telecommunication None available 2.6 Electronic Mail Address Incident Reporting: certreport@ncsc.gov.ie or incident@ncsc.gov.ie. General Enquiries: info@ncsc.gov.ie. 2.7 Public Keys and Encryption Information Encrypted communications with certreport@ncsc.gov.ie should utilise the operational PGP key found here: https://www.ncsc.gov.ie/PGP/pgpkey.asc. 2.8 Team Members The team comprises information security specialists and civil servants from the NCSC-IE . 2.9 Points of Customer Contact The preferred method to contact the CSIRT-IE for incident reporting is to send an e-mail to certreport@ncsc.gov.ie, which is monitored by a duty officer during hours of operation. If it is not possible (or not advisable for security reasons) to use e-mail, CSIRT-IE can be reached by telephone during regular office hours. Communication out of hours will be handled on a best effort basis, any communication received out of hours which has not been dealt will be addressed by duty officer during office hours. CSIRT-IE Hours of Operation (Incident Response): 09:00 to 16:30 Monday to Friday, excluding public holidays. 3. Charter 3.1 Mission Statement CSIRT-IE's mission is to support Government departments, core agencies, Operators of Essential Services (OES), and Digital Service Providers (DSP) in responding to cyber incidents, including malicious cyber-attacks that could hamper the integrity of their information system assets and/or harm the interests of the Irish State. The scope of CSIRT-IE's activities covers prevention, detection, response, and mitigation services to its defined constituency. 3.2 Constituency The constituency of CSIRT-IE is composed of all: 1. Government departments and core agencies of the Irish State. 2. Operators of Essential Services (OES), designated under S.I. 360 of 2018 (or successor legislation). 3. Digital Service Providers (DSP), subject to the obligations outlined in S.I. 360 of 2018 (or successor legislation). Note: The provision of direct support and level of assistance will vary based on the constituent type and regulatory requirements, but information dissemination services apply to all. 3.3 Sponsorship and/or Affiliation CSIRT-IE is the operational arm of the NCSC within the Department of Justice, Home Affairs and Migration and is publicly funded. 3.4 Authority The establishment of CSIRT-IE was mandated by a decision of the Government of Ireland, with specific statutory powers granted under S.I. 360 of 2018 (and subsequent legislation) pertaining to the oversight of OES and DSPs. 4. Policies 4.1 Types of Incident and Level of Support The CSIRT-IE is authorised to handle cyber security incidents. A cyber security incident is considered to be any adverse event that threatens the confidentiality, integrity, or availability of network and information systems of CSIRT-IE's constituents (Government entities, OES, and DSPs). The level of support given by CSIRT-IE will vary depending on the incident’s classification, categorisation, severity, the constituent impacted, available resources, and the legislative mandate (e.g. NIS). 4.2 Co-operation, Interaction and Disclosure of Information CSIRT-IE operates within the confines imposed by EU and Irish national legislation. Information is shared only with trusted national and international partners on a need-to-know basis and, unless otherwise required by law, in an anonymised fashion. CSIRT-IE utilises the Information Sharing Traffic Light Protocol (TLP) as the standard for controlled information exchange with constituents (Government entities, OES, and DSPs) and partners. 4.3 Communication and Authentication For normal communication, conventional methods are used. In view of the types of information that CSIRT-IE handles, telephones will be considered sufficiently secure to be used even unencrypted. Unencrypted e-mail will not be considered particularly secure, but will be sufficient for the transmission of low-sensitivity data. For secure communication involving authentication or sensitive data exchange with Government entities, OES, and DSPs, PGP encrypted e-mail and the telephone are the preferred methods. Where it is necessary to establish trust, for example before relying on information given to the CSIRT-IE, or before disclosing confidential information, the identity and bona fide of the other party will be ascertained to a reasonable degree of trust. Within NCSC-IE, and with known neighbouring partners, referrals from known trusted people will suffice to identify someone. Otherwise, appropriate methods will be used, such as a search of FIRST members, the use of WHOIS and other Internet registration information, etc, along with telephone call-back or e-mail mail-back to ensure that the party is not an impostor. Incoming e-mail containing data that must be trusted verified directly with the sender or through the use of digital signatures, particularly PGP, which is supported. 5. Services CSIRT-IE provides a comprehensive portfolio of services to its constituency. These services are designed to meet the distinct security and regulatory needs of Irish Constituents. 5.1 Information Security Incident Management This service area focuses on activities related to the detection, analysis, response, and coordination of confirmed security incidents. Service: Information Security Incident Report Acceptance Description: CSIRT-IE is the mandatory point of contact for all constituents (Government entities, OES, DSPs) to report incidents, including those under statutory NIS obligations. Service: Information Security Incident Analysis Description: CSIRT-IE provides technical and organisational assistance to constituents, including triage, prioritisation, and detailed analysis to identify the scope, impact, and root cause of the incident. Service: Artifact and Forensic Evidence Analysis Description: Specialised analysis of digital artefacts and malicious code is provided to support containment and recovery actions for critical constituents. Service: Crisis Management Support Description: CSIRT-IE coordinates the high-level management and response to major cyber-attacks affecting the Irish State, including those impacting multiple OES or DSP sectors. 5.2 Information Security Event Management This service area encompasses continuous monitoring, detection, and analysis activities to proactively identify potential threats and precursors targeting the constituency. Service: Monitoring and Detection Description: CSIRT-IE operates advanced detection capabilities, including the Government Sensor Programme and Early Warning Service. These programmes deploy distributed sensors across Government Departments to provide centralised, real-time event data collection and analysis, facilitating proactive threat detection and hunting. Service: Event Analysis Description: All potential security events detected from monitoring sources (including the Government Sensor Programme and Early Warning Service) are triaged, qualified, and prioritised to assess the immediate risk to the constituent base. Service: Situational Awareness Description: CSIRT-IE continually aggregates and analyses intelligence from national and international partners to provide a current view of the threat landscape relevant to all key sectors. 5.3 Vulnerability Management This service area focuses on the systematic identification, analysis, mitigation, and communication of vulnerabilities that affect the constituent base. Service: Vulnerability Analysis Description: CSIRT-IE performs in-depth analysis of newly disclosed vulnerabilities, assessing their potential impact and exploitability within the constituent environment (Government, OES, and DSPs). Service: Vulnerability Handling Coordination Description: CSIRT-IE acts as the national coordinator for Coordinated Vulnerability Disclosure (CVD), providing a channel for researchers to report vulnerabilities affecting Irish entities and ensuring responsible disclosure and mitigation across the constituency. Service: Vulnerability Information Distribution Description: CSIRT-IE issues timely Alerts and Advisories on critical vulnerabilities, providing constituents with specific remediation guidance and mitigation measures. 5.4 Knowledge Transfer This service area is dedicated to supporting the constituency's human and organisational capacity by delivering knowledge, security advice, and alerts. Service: Information Dissemination Description: CSIRT-IE actively distributes timely and relevant warnings and advisories to all constituents. Details of this service are available through the "Emails from" section of the website, which provides tailored information on risks, emerging threats, and high-impact campaigns. Service: Technical Advice Description: CSIRT-IE provides technical advice, recommendations, and mitigating measures to constituents on risks, threats, and vulnerabilities, supplementing formal advisories. Service: Information Security Status Reporting Description: CSIRT-IE provides regular reports on aggregated information security status and trends affecting its constituency to senior leadership and relevant oversight bodies. 6. Incident Reporting Forms If you are an official in a Government department, core agency, Operator of Essential Services, or Digital Service Provider with the authority to make a report, an incident reporting form is available upon request, or an email with brief details can be sent directly to certreport@ncsc.gov.ie. 7. Disclaimers The National Cyber Security Centre on behalf of CSIRT-IE does not accept any legal liability whatsoever arising from, or connected to, the accuracy, reliability, currency, or completeness of any material published on its website or any linked website. We strongly recommend that users exercise their own judgement with respect to the use of this website and carefully evaluate the accuracy, currency, completeness, and relevance of the information for their purposes. This disclaimer applies equally to all Government entities, OES, and DSPs receiving guidance from CSIRT-IE. -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEE9Lv8s85r/ezUyRPqMZ+UMt7hFRQFAmkfTWIACgkQMZ+UMt7h FRTSfAf7BokcirWyOTwDgxYlVer5vk1zPncDrnbg5TSAkqIR/Vk/zP49c6QxUOhW zRlSaE//Soz2nTenoMw62PhZTWFP4AbyefSeBxFgMjZe9ZIrKG+a9y1OfCFbSDPX Gk1/BbVoqzr6VdG3w5Rxi5RUoKHJiymAcAt6rHkLv8k4akVMUTlWiVNSzKK51cNT gCGEwAEB0l88M/UqSOVC3PMFwPvbSItHsTkBnLd7fl5ij93meC+EUlZytHojnksf TMrGzMc6f9SsN/BxxfWQcI/ClOXfZpYgM9BCYXI5bYCWMopahf5tBcup+/Ps5jYo 8bFK5ooAxqvgOtx6Jseq3MoX6DU1Jg== =URcE -----END PGP SIGNATURE-----