RFC 2350

  1. Document Information

    This document contains a description of Sri Lanka CERT|CC in accordance with RFC 2350. It provides basic information about Sri Lanka CERT|CC, its channels of communication, and its roles and responsibilities and the services offered by Sri Lanka CERT|CC.

    1. Date of Last Update

      This is version 1.6, published 22-09-2020

    2. Distribution List for Notification

      The up to date document will be available in this page. The management of Sri Lanka CERT|CC shall be updated with the latest updates via email.

    3. Document Identification

      4. Title: “RFC 2350 Description for Sri Lanka CERT | CC”
      Version: 1.6
      Document Date: 22-09-2020
      Expiration: This document is valid until superseded by a later version.

  2. Contact Information
    1. Name of the Team

      2. Sri Lanka CERT|CC, Sri Lanka Computer Emergency Readiness Team | Coordination Centre

    2. Address

      3. Room 4-112
      BMICH (Bandaranayake Memorial International Conference Hall)
      Bauddhaloka Mawatha
      Colombo 07
      Sri Lanka.

    3. Time Zone

      4. Time zone: India Standard Time (GMT+0530)

    4. Telephone Number

      5. +94 11 2 691 692
      +94 11 2 679 888

    5. Facsimile Number

      6. +94 11 2 691 064

    6. Other Telecommunication

      7. LinkedIn: www.linkedin.com
      Facebook: www.facebook.com

    7. Electronic Mail Address

      8. General Mail address: cert@cert.gov.lk. Emails will be responded from 8.30am to 5.30pm
      Fb and Social media could be reported using report@cert.gov.lk. Emails are responded from 8.30am-5.30pm
      Any security related other incidents could be reported using incidents@cert.gov.lk. Emails are read 24/7

    8. Public Keys and Encryption Information

      9. PGP finger print: CE87 E1DE E008 3D45 261C 526F ABBA 8C78 26AC 7385
      The public key could be found on most key-servers and here in this link.

    9. Team Members

      10. The CEO of Sri Lanka CERT | CC is Mr. Air Cdre (Retd) Jayasiri Amarasena. Information about other team members is available by request

    10. Other Information

      • General information about Sri Lanka CERT | CC is available at our website
      • Sri Lanka CERT | CC Facebook page: www.facebook.com

    11. Points of Customer Contact

      12. The preferred communication channel to contact Sri Lanka CERT | CC for general inquiries is to send an e-mail. Facsimile machine is checked during normal office hours only (Available in the location specified 2.7).
      Days/Hours of operation: 08:30 to 17:30, Monday to Friday. Out of office hours’ operation in case of emergency and could contactable on as mentioned in p 2.7.

  3. Charter
    1. Mission Statement

      • To be the single and the most trusted point of contact for Information Security in Sri Lanka
      • To protect Information Technology users in the Public and Private Sector Organizations and the General Public by providing up-to-date information on potential threats and vulnerabilities and by undertaking computer emergency response handling services
      • To act as the most authoritative national source for all ICT security related issues across the nation.
      • Link with other CERTs and CSIRTs around the world to share the knowledge and know-how relating to Information Security.

    2. Constituency

      3. The constituency of Sri Lanka CERT | CC is basically the whole country of Sri Lanka including Public sector, Private sector and General Public.

    3. Sponsorship and/or Affiliation

      4. Sri Lanka CERT|CC is fully owned by the Government of Sri Lanka and it’s under the Ministry of Technology of Sri Lanka. .

      • Sri Lanka CERT|CC has established sectorial CSIRTS such as FINCSIRT, Edu CSIRT.
      • Sri Lanka CERT|CC is full Member of FIRST (The Global Forum of Incident Response and Security Team).
      • Steering committee Member of APCERT
      • Member of TF-CERT

    4. Authority

      5. Sri Lanka CERT|CC was established as Sri Lanka’s National CERT, by the ICT Agency of Sri Lanka (ICTA) in year 2006. It is registered as a Private Limited Liability Company, and since September 2020, it functions under the Ministry of Technology of Sri Lanka

  4. Policies
    1. Types of Incidents and Level of Support

      2. We assist with Cyber Security Incidents and not Cybercrime. The types of Cyber Security Incidents and level of support given by Sri Lanka CERT|CC is given in our incident handling procedure (5.1).

    2. Co-operation, Interaction and Disclosure of Information

      3. Sri Lanka CERT|CC works in tight cooperation with Government Organizations, law Enforcement Authorities, the NCPA, the Ministry of Woman and Child Affairs and other relevant organization in the field of information security.
      Sri Lanka CERT|CC treats all submitted information as confidential at all times and shall not be disclosed to third parties unless it is essential to do so.

    3. Communication and Authentication

      4. For secure communication use the PGP key given in (2.8) to send encrypted emails to cert@cert.gov.lk.

  5. Services
    1. Incident Response

      Sri Lanka CERT | CC will define, assess and prioritize all types of Cyber Security incidents. This service involves responding to a request or notification by a constituent that an unusual event has been detected, which may be affecting the Confidentiality, Integrity and Availability of the services or cyber systems belonging to that constituent. Sri Lanka CERT | CC will provide technical assistance or advice by following the incident management procedure given below.

      1. Incident Triage

        • Investigating whether indeed an incident occurred
        • Determining the extent and impact of the incident

      2. Incident Coordination

        • Obtaining clarifications on type and severity of the incident. Collecting information and categorising it according to the information classification policy
        • Determining and contacting the involved organizations
        • Facilitating contact with other parties including law enforcement, if needed
        • Communicating with media, if necessary

      3. Incident Resolution

        • Advising the involved organization(s) on appropriate measures to be taken to eradicate and recover from the incident
        • Following up the incident solution process

    2. Proactive Activities

      • Providing relevant information on threats, trends and remedies to our constituency (and/or media, if necessary) to raise security awareness and competence
      • Maintain up to date contact information of local security teams
      • Observe current trends in technology
      • Distribute relevant knowledge to the constituency through our website and mailing list
      • Providing a knowledge base and information sharing within the constituency

    3. Digital Forensics

      4. Sri Lanka CERT|CC conducts digital forensics investigations for government and private organizations on request. Sri Lanka CERT|CC is a member of the panel of experts in the Payment Devices Fraud Act, No. 30 Of 2006.

    4. Awareness Services

      5. These services include the provision of a technology watch, providing cyber security threat alerts, conducting seminars & workshops and providing a knowledgebase on the official website of Sri Lanka CERT and its Social Media pages.

    5. Research and Policy Development

      6. This service aims at developing National level Strategies and Polices to enhance the Cyber Security Posture of the country.

    6. Consultancy Services

      7. The consultancy services include Vulnerability Assessments and Penetration Testing on both Applications and Networks, advisory for any Cyber/information Security matters of the constituency.

  6. Incident Reporting Forms

    7. General incident reporting form can be found here.

  7. Disclaimers

    8. While every precaution will be taken in the preparation of information, notifications and alerts, Sri Lanka CERT|CC takes no responsibility for errors or omissions, or for damages resulting from the use of the information contained within.