CERT-IST and the services it offers

CERT-IST (Computer Emergency Response Team – Industry, Services and Tertiary) is a national cyberattack alert and response team. CERT-IST was established in 1999 by a consortium of French companies to provide registered members with cybersecurity risk prevention services and assistance in the event of a cyber incident or attack. CERT-IST services are provided by a dedicated team of Thales cybersecurity experts. In 2003, CERT-IST became a non-profit organisation under French law, ensuring its independence from manufacturers, developers and publishers. It works for the community of its members to improve cyber resilience by sharing resources and experience.

 
Over 7,000 new vulnerabilities every year

The CERT-IST team in France has privileged access to a unique alert system, the only one of its kind in the world, formed by the network of 345 CERTs worldwide affiliated to the Forum for Incident Response and Security Teams. FIRST provides the points of contacts needed to investigate cross-border incidents as well as technical information not yet in the public domain.

CERT-IST constantly monitors the Internet for information on new threats, security vulnerabilities, programs designed to exploit them and malware, including computer viruses, worms, Trojan horses and ransomware.

It consults three types of sources:

  • Official sources (FIRST, other CERTs, manufacturer, developer and publisher websites, etc.)
  • Semi-official sources (those recognised in the world of IT security, but without official status)
  • Unofficial sources (public forums, mailing lists, etc.)

The team cross-checks and analyses the information from these sources. It then issues personalised security advisories and alerts to registered members, keeping them informed about the latest threats, how serious they are and how to counter them.

 
Working for industry, services and the tertiary sector

CERT-IST and the services it provides are constantly evolving to meet the growing needs of its members. In 2010, for example, it introduced a monitoring service dedicated to SCADA and industrial systems. It is currently preparing a cyber threat intelligence and monitoring service, which will be launched later in 2016. This service will provide a detailed description of known attacks aimed at businesses and corporations, plus a qualified database of Indicators of Compromise (IOCs).

Today, the CERT-IST is one of the major components of Thales’s cybersecurity offering. It is part of Thales’s broader focus on consultancy and services to help its customers design, build and maintain information systems with the necessary levels of security and resilience, protecting them from the most sophisticated cyberattacks in compliance with national and international regulations.

CERTs in each country pursue a number of key missions:

  • Centralise requests for assistance in response to security incidents and attacks on computer networks and systems (initial requests, diagnostics, correlation of incidents, etc.)
  • Process alerts and respond to attacks (technical analysis, exchange of information and intelligence with other CERTs, contribution to specific technical studies, etc.)
  • Establish and maintain a vulnerability database
  • Prevent and mitigate attacks (regular information for members on threats, precautions, potential consequences, etc.)
  • When necessary, liaise with other entities outside its usual remit (network competence centres, operators, ISPs, national and international CERTs)

 Forum for Incident Response and Security Teams

At international level, the CERT-IST in France joined the Forum for Incident Response and Security Teams (FIRST) in June 1999. As an affiliated member, CERT-IST is part of a global network of over 345 other CERTs and has privileged access to a unique alert system, the expertise needed to investigate cross-border incidents and technical information not yet in the public domain.

All articles