CERT.at is the Austrian national Computer Emergency Response Team (CERT). As such, CERT.at is the contact partner for IT security in the national context.
CERT.at is the primary contact point for IT security in a national context. It creates a network between other CERTs and CSIRTs (Computer Security Incident Response Teams) operating in the area of critical infrastructure or information and communication technology (ICT), issues warnings and alerts, and gives advice to SMEs. In the case of significant online attacks against Austrian infrastructure, CERT.at will coordinate the response by the targeted operators and local security teams
CERT.at treats all submitted information as confidential by default, and will not disclose it without approval, unless implicitly required to resolve specific incidents. Particularly, CERT.at will not disclose information about incidents to government authorities or the press without explicit prior permission by the submitting party
An overview of the status of cyber security in Austria can be downloaded here: CERT annual report.
Main duties and responsibilities of CERT.at
The main purpose of CERT.at is to coordinate the response to IT security incidents. We consult local CERTS and do not exercise authority over the Austrian IP address zone. There are, however, strong contacts to all the large ISPs and the ACOnet (ACOnet CERT).
The constituency are IT security teams and local CERTs in Austria. In addition, CERT.at pro-actively issues warnings and provides know-how to SMEs (small- and medium-sized companies) and the general public to make the Internet in Austria more secure. CERT.at provides resources for security-relevant incident response as part of a cooperation with the Government Computer Emergency Response Team for public administration and critical information infrastructure (CII) in Austria.
CERT.at is an initiative of nic.at, the Austrian domain registry. It is sponsored by nic.at.
Austrian Energy CERT (AEC)
The Austrian Energy CERT (AEC) is an industry-sector-specific CERT (Computer Emergency Response Team) for the Austrian electricity and natural gas industry which was launched in November 2016. The AEC is an important element for increasing the resilience of the energy industry against cyberattacks. Additionally, it complies with the European Union Directive on Security of Network and Information Systems (NIS) and the recommendations of the European Network and Information Security Agency (ENISA) for increasing the IT security of critical infrastructure. Operating an industry-sector-specific CERT and constantly exchanging information with other CERTS improves awareness and prevention in the energy industry.