CESNET Czech Education and Scientific NETwork - Computer Security Incident Response Team

CESNET-CERTS has been an official name of CESNET Computer Security Incident Response Team since January 2004. The team consists of employees of the CESNET Association.
The task of the CESNET-CERTS team is a preventive and active protection of computers and networks, and above all the consistent and effective handling of security incidents, which includes the removal of their causes and consequences.
In addition to solve and coordinate security incidents, CESNET-CERTS team also offers additional services. These include education as "tailor-made training", which brings young people, mainly students of the first grades of high schools, to the world of Internet and its services from the point of view of legislation to acquaint them with the basic risks in the use of computer technology and the online world to tell them that Internet has its strength, beauty, but also rules and pitfalls.
Participants in the course will also be given the opportunity to discuss issues that are troublesome and unclear in an open discussion.
Experienced lecturers are ready to answer any question in the most open way. CESNET-CERTS team offers lectures in the following areas: law, cybercrime, freedom on the net, free SW and computer security.

The CESNET-CERTS team is fully responsible for handling and responding to security incidents in the specifically designed domains and in the CESNET2 internal infrastructure. The intended impact is both to mitigate the harms that can occur from a security threat of this nature, but also to prevent those threats / harms from occurring in the future.

In 2011, the Association received two crucial decisions of the Ministry of Education, Youth and Sports of the Czech Republic on funding for two large projects. One of them was the CESNET Large Infrastructure, a project implemented in 2011–2015. The purpose of the project was to renovate the CESNET2 national research network into a large infrastructure, which would include all the information and communications e-infrastructure necessary for connecting the Czech Republic into the European Research Area and enabling, for example, connection to the other e-infrastructures described in the ESFRI Roadmap. Another project, crucial for the Association‘s work, was the Extension of the National R&D Information Infrastructure in Regions (abbreviated to eIGeR), the main objective of which was to build a regional foundation for a comprehensive national research and development e-infrastructure in the Czech Republic. The project was implemented between May 2011 and October 2013. In accordance with the grant decision, the Association is bound to provide sustainability of the project until at least the end of 2018.

Network monitoring and detection of security events and anomalies play an important role in the area of security; in the CESNET e-infrastructure, they are provided by the systems and services FTAS, G3 and the Warden system, operated at a very high-quality level, thus enabling both CESNET administrators and those in connected institutions to improve the quality of network, service and user security. Whether it can be transferred to another country / state would depend entirely on the cooperation mechanisms and willingness of the relevant actors and implementers in that locality.

Regular evaluation by the Ministry of Education, Youth and Sports of the Czech Republic & Annual independent audit

GÉANT Association An association of European national research networks that deals with operation and advancement of the GÉANT European communications infrastructure and coordination of related activities.
GLIF [Global Lambda Integrated Facility] Global experimental network activities, focusing on the support for development of the most demanding scientific and research applications; their main objective is to create a network to serve applications with extreme transmission requirements.
Internet2 Consortium led by American research and education institutions endeavouring to develop and deploy new types of network technologies, services and applications; CESNET has been an associate consortium member since 1999.
PlanetLab Consortium of academic, commercial and governmental organizations all around the world, collectively operating a global computer network designed for developing and testing new telecommunication applications; the network currently encompasses 780 nodes in 31 countries.
EGI.eu Organisation aimed at coordinating European computing grids used for scientific calculations and at supporting their sustainable development.
Shibboleth International consortium for the coordination of development of a service providing a solution for unified login, meaning that a user can use multiple protected network resources using a single login; Shibboleth is the foundation for academic federations of identities.
NIX.CZ CESNET is one of the founding members of NIX.CZ, Association of Legal Entities (Neutral Internet Exchange), an association of Internet service providers in the Czech Republic, allowing mutual connectivity among its members’ networks; the association had 68 members as of 31 December 2015.
CZ.NIC The Association is also one of the founding members of CZ.NIC, Association of Legal Entities, which administers the .cz domain, and supports publicly beneficial projects and activities related with the Internet; the association had 115 members as of 31 December 2015.
Masaryk University, Brno University of Technology, Technical University of Ostrava, University of West Bohemia

Costs total (in 2015) 598,832 CZK (22 934.967 EUR)

Annual Report CESNET Association 2015. Annual Report CESNET Association 2015 [online]. 1. Prague: CESNET, Association of Legal Entities, 2016, 6 - 54 [cit. 2017-07-27]. ISBN 978-80-906308-2-6. Dostupné z: https://www.cesnet.cz/wp-content/uploads/2016/08/Vyrocni_zprava_CESNET_2015_ENG_web.pdf
https://www.cesnet.cz/cesnet/reports/press-releases/cesnet-and-cz-nic-to-build-the-cti-cybersecurity-system/?lang=en
NATIONAL CYBER SECURITY STRATEGY OF THE CZECH REPUBLIC FOR THE PERIOD FROM 2015 TO 2020 [online]. Prague: National Security Authority of the Czech Republic, 2015, 1 - 23 [cit. 2017-07-27]. Dostupné z: https://ccdcoe.org/sites/default/files/strategy/CZE_NCSS_en.pdf

https://www.cesnet.cz/
https://csirt.cesnet.cz//cs/index
https://ccdcoe.org/sites/default/files/strategy/CZE_NCSS_en.pdf
https://www.govcert.cz/download/gov-cert/container-nodeid-578/ap-cs-2015-2020-en.pdf

Creating an effective model of cooperation and confidence building between CERT and CSIRT workplaces at international level, international organizations and academic centres is one of the main goals of the Action Plan for the National Cyber Security Strategy of the Czech Republic for the period 2015 to 2020. It remains in line with recommendations from Europol and the European Commission in strengthening cyber-security infrastructures and protecting vulnerabilities in an increasingly digital world, and in the context of an increase in cyber threats and attacks.

Since 2013, the Association has run the FLAB forensic laboratory, which provides services such as analysis of security incidents or penetration and loading tests for preventive verification of integrity, credibility and availability of systems run. The laboratory services are available not only to CESNET e-infrastructure members but to other clients as well. The Association pays great attention to awareness raising among users and administrators of the connected computer networks. The effect is that vulnerabilities are protected, and future attacks are prevented, thus achieving the intended impact of the Network.

The Association performs and provides its activities within the scope of received subsidies and partial compensation of expenses related to these activities. It is not the Association’s objective to generate any profit on these activities. In addition to its main activities, the Association also pursues economic/business activities; however, solely with the purpose of making more efficient use of its property and without any negative impact on research activities. The services are not provided on a publicly available basis. The Association provides CESNET e-infrastructure services not only for its members, but also for selected entities that comply with the rules for accessing the e-infrastructure. Any loss incurred in connection with the Association’s economic/business activities is settled by the end of each fiscal year; otherwise, the Association will abandon the economic/ business activities in question before the beginning of the following fiscal year. The Association uses all the profits to promote research and development, thus achieving more cost-effective sustainability.

With regard to the increasing frequency and intensity of DDoS attacks, CESNET intensely pursued the issues of protection of network communication infrastructure and connected participants. It made RTBH services accessible in a pilot mode in the CESNET2 network environment for their needs. Participants can now effectively block attacks aimed against their infrastructures by themselves across the entire CESNET2 network. In the area of specific network services, the Association continues building the national optical infrastructure for time and frequency transmission – TF infrastructure.
Regarding its international activities, the Association continues supporting projects in LHC, the Pierre Auger Observatory experiment, the Belle project, and more recently, the ELIXIR and CLARIN projects. At the national level, we focus on direct support of user groups in the Czech Republic interested in using the pan-European EGI infrastructure.

04/2017 – 12/2021
CESNET and CZ.NIC have been awarded a public contract by the Ministry of the Interior of the Czech Republic to build a Cyber Threat Intelligence security system.
Cyber Threat Intelligence (CTI) systems represent an up-to-date tool designed primarily to improve the security of computer networks and to gather the maximum relevant information significant for adopting qualified strategic, tactical or preventive security measures.
The main output of the Building and trial operation of the Cyber Threat Intelligence system project (VH20172021022), which has been awarded a project grant by the Ministry of the Interior of the Czech Republic under the Research, Development and Innovation Programme of the Ministry, is building and trial operation of the cyber threat detection, identification and prediction system and evaluation of security incidents. The system will enable the sharing of information regarding security events, incidents and threats both between the national and governmental CERT security team, and between the national and governmental CERT security team and selected electronic communications network operators.

The team closely cooperates with other security teams and relevant organisations at the national and international levels, is a member of the CSIRT. CS Working Group, organised by the Czech Republic’s National CSIRT Team, and is also involved in the TF-CSIRT platform run by GÉANT.