Navigation path

Action 38 in Belgium flag Belgium

Member States to establish pan-European Computer Emergency Response Teams

Indicator Status Evidence
Has a national or governmental CERT been established? Yes In the second half of 2009 the Federal Public Information and Communication Technology Service (Fedict) signed a contract with the National Research and Education Network Belnet that appointed Belnet to operate the Belgian National CSIRT, funded by Fedict. Belnet was chosen since it already operated the Belnet CERT, thus having the advantage of possesing active knowledge of and experience in incident handling and CSIRT best practices. Morover the Belnet CERT team was already known to and acknowledged by the international CSIRT community as a accredited member of TF-CSIRT and FIRST. The initial Royal Decree of 11 May 2001 establishing the Federal Public Information and Communication Technology Service Fedict was changed by royal Decree on 9 May 2012, adding the following: “A new task is the management of the Computer Emergency Response Team (CERT) for detecting, observing and analysing online security problems and the continuous task of informing it’s users on those problems” (translated from Dutch). The team is acredited by TF-CSIRT and has matured in it’s role as a national CSIRT. In 2011 received 2609 incident reports, traeted 1494 incidents and ran 1161 investigations. In the same year published 2058 advisories and 3 recommendations on the ‘Pro’ part of it’s website and published 16 advisories and 8 recommendations on the ‘Citzen’ part of the website. It also publishes a weelky newsletter. The mission statement of is to help Belgian key resources, critical information providers and the Belgian public protect their IT-infrastructure by: · providing information on incidents, · helping them to handle incidents, · coordinating the response to major incidents, · helping them develop their own CSIRT activities, · sharing data and knowledge. In the course of 2012 the team has been working on a marketing and communication strategy, leading to better exposure in general and specialized media (including national radio and television), enhancing it’s reach and has been actively participating in the DNSChanger malware group, leading to the creation of the website. A well-planned media campaign resulted in more than 1,3 million unique visitors to the site and to a reduction of the number of infected machines in Belgium from 4000 to 1700. A brochure and flyer aimed towards professional IT users can be found on the site:
Is the CERT fully operational? Yes can be considered as being fully operational but it is still expanding it’s services and improving the existing ones. It is in the process of becoming a member of the EGC (European Governmental CSIRT’s) and is seeking how it can expand its ‘de-facto’ govcert role to an officially mandated one (also upon Fedict request). The above-mentioned evidence should also support this part.
Does the CERT participate in international CERT communities/initiatives? Yes The team (that merged with Belnet CERT) is an active and accredited member of TF-CSIRT and FIRST. Members of the team are present at the meetings and contribute with talks and presentations. In 2011 the team also hosted the first AbuseHelper workshop in Brussels. The aim was to bring together CSIRTs that are seeking to use automation to help them to treat the growing number of incidents and to encourage better sharing of knowledge and information on ongoing incidents. Since then other European CSIRTs have also organized similar workshops.

Best Practice Case

CSIRTs are based on mutual trust and being part of the European and worldwide community is generally considered best practice. More and more teams are facing a growing number of automated sources that report a large volume of Internet abuse. Switching to automated handling of the information from these sources should free valuable resources for other tasks in the CSIRT teams.

Other initiatives:

The team has played a very active role in encouraging better sharing of knowledge and operational information on ongoing incidents. The team is also a strong supporter of the idea that communication is an essential service for any CSIRT. It thus strongly encourages teams to engage a communication specialist to assist the team. believes this should become accepted as best practice. Presentations on both topics were given at the most recent FIRST annual conference in Malta.

External contribution

External contributions are more than welcome. If you would like to share with us a country, regional or local-level initiative relevant for this DAE action, you can do it via the online form.