Navigation path

Action 38 in Portugal flag Portugal

Member States to establish pan-European Computer Emergency Response Teams

Indicator Status Evidence
Has a national or governmental CERT been established? Yes Under a formal agreement with the government, FCCN – Foundation for National Scientific Computing/CERT.PT has been acting as de facto national CERT since 2005. FCCN/CERT.PT is the portuguese National Research and Education Network incident response team. Since 2005, FCCN/CERT.PT has been acting as de facto national CERT and focal point of contact for incident handling both internally and abroad. Besides the already mentioned CERT.PT, two additional internationally recognized CSIRTs were established: CSIRT.FEUP and CERT.IPN. On the initiative of the FCCN CERT.PT the National CSIRTs Network was created of to improve responsiveness to threats of network and information systems security, including critical infrastructures. This network currently includes 2 internationally registered CSIRTs mentioned above (CERT.PT, CSIRT.FEUP), 7 operators / ISPs, 3 banks), a company in the energy sector, a startup company, a unit of the Ministry of Internal Affairs, a non-profit association, the General Staff of the Armed Forces, and the Institute of Information technologies of the Ministry of Justice.
Is the CERT fully operational? Yes FCCN/CERT.PT provides the operational baseline capabilities described at ENISAs “Baseline capabilities for national / governmental CERTs (Part 1 Operational Aspects)”. This includes Incident Handling, Analysis and Reporting, Alerts and Warnings and Sharing of security related information. See http://www.cert.pt/en/ FCCN/CERT.PT also promotes the creation of new CERT teams, provides training for CERT staff members and coordinates a portuguese CERT network with members from academia, ISPs, banking sector, Defense, Public Administration and Critical Infrastructure Operators. See http://www.cert.pt/index.php/rede-nacional-csirt/directorio Within the national CERT network, members have agreed on common taxonomy for incident handling and incident classification, information exchange formats, and response best practices for each type of incident.
Does the CERT participate in international CERT communities/initiatives? Yes CERT.PT is an acredited team of Trusted Introducer in Europe since 2004 and full member of FIRST since 2011. Within TF-CSIRT, CERT.PT worked in the specification and development of incident handling tools like RTIR. Furthermore CERT.PT participated in several activities of ENISA in the areas of CERTs and CIIP. CERT.PT is partner member of European Commission co-funded project NISHA and has some bilateral agreements for mutual assistance and information sharing with some European and non-European CERT teams. CERT.PT has also applied, along with several CERT and non-CERT partners in Europe, for a grant on the European Commission call for “Fighting botnets”.

Best Practice Case

International cooperation among CERTs is a best practice, because it fosters trust which is essential for information sharing and mutual assistance effectiveness. It also helps developing capabilities.

Other initiatives:

On April 2012 the Portuguese government created a commission to set-up a National Cybersecurity Center whose mandate completed in July.

External contribution

External contributions are more than welcome. If you would like to share with us a country, regional or local-level initiative relevant for this DAE action, you can do it via the online form.