RFC2350

Beginning section 1. Document Information

1. Document Information

1.1 About this Document

This document contains a description of JCSC (previously CERT.JE) in accordance with the Internet Society Request for Comment (RFC) 2350, “Expectations for Computer Security Incident Response”. It provides basic information about JCSC, its channels of communication and its roles and responsibilities.

1.2 Date of Last Update

Version 1.7 October 2023.

1.3 Distribution List for Notifications

Changes are not currently notified.

1.4 Locations where this Document may be found

The current version of this document can be found at https://jcsc.je/rfc2350

1.5 Document identification

Title: RFC2350-V2.0

Version: 2.0

Document Date: 21 May 2024

Expiration: This document is valid until superseded by a later version.


Beginning section 2. Contact Information

2. Contact Information

2.1 Name of the Team

Full name: Jersey Cyber Security Centre

Short name: JCSC

2.2 Address

JCSC
1 Seaton Place
St Helier
JERSEY
JE2 3QL

2.3 Time Zone

GMT / BST

2.4 Telephone Number

+44 (0) 1534 500 050

2.5 Facsimile Number

Not applicable

2.6 Other Telecommunication

Not applicable

2.7 Electronic Mail Addresses

Incident reporting

For incident reporting, please contact us at incidentreports@jcsc.je

This email address is monitored by JCSC employees during office hours only.

Phishing email reporting

For notifications of phishing emails, please contact us at phishing@jcsc.je

This email address should be only used for phishing notifications where immediate support is not required.

General enquires

For other matters such as administration related topics and general inquiries, please send us an email at hello@jcsc.je.

This email address should also be used for PGP signed /encrypted emails.

This email address is monitored by JCSC employees during office hours only.

2.8 Public Keys and Encryption Information

Our PGP fingerprint is shown below.

PGP Key ID: BF0F5BC7FC6D49E0

Type: RSA 4096

Fingerprint: 68182F8892CAD5A5CBB598B5BF0F5BC7FC6D49E0

2.9 Team Members

The Director of JCSC is Matt Palmer. The team includes six other members of staff.

2.10 Operating Hours

The hours of operation are from 09:00 to 17:00 GMT/BST Monday to Friday, excluding Jersey public holidays. The team may operate out of these hours and days in the case of an emergency only.

2.11 Other Information

JCSC is an accredited member of TF-CSIRT and is in the process of applying for FIRST membership.

2.12 Points of customer Contact

The preferred method for contacting us is via email. If it is not possible or advisable due to security reasons to use email, then JCSC can be reached by telephone during business hours.


Beginning section 3. Charter

3. Charter

3.1 Mission Statement

The mission of JCSC is to “prepare for, protect against, and respond to” cyber-attacks on Jersey.

The vision of JCSC is “for Jersey to be internationally recognised as a safe place to live and do business online.”

JCSC operates according to the JCSC Code of Conduct.

3.2 Constituency

The constituency of JCSC is the jurisdiction of Jersey, including:

  1. all organisations established within the jurisdiction, including but not limited to the States of Jersey, public sector organisations, private and public companies, charities and third sector organisations.
  2. critical national infrastructure providers operating services in Jersey (regardless of domicile)
  3. individuals resident in Jersey.
  4. the .JE top level domain name (gTLD), and
  5. services using telephone and IP ranges allocated to Jersey telecoms providers or for use in Jersey.

Effectively this reflects where cyber incidents would lead to reputational, political, economic or wellbeing risks to the jurisdiction or its residents.

3.3 Sponsorship and/or Affiliation

JCSC is funded by the Government of Jersey and has TF-CSIRT accredited status.

3.4 Authority

JCSC derives its authority from the States of Jersey via the Minister for Economic Development, Tourism, Sport and Culture. By virtue of the functions and powers vested in him under:

(i) Articles 26, 28(1)(b), 29A,30 and 30A of the States of Jersey Law 2005,

(ii) Ministerial decision reference MD-C-2019-0092 and

(iii) the States of Jersey (Transfer of Responsibilities and Functions) (Chief Minister to Economic Development, Tourism, Sport and Culture) Order 2019,

On 25 August 2023, the Minister delegated functions to the Director of the Jersey Cyber Security Centre (CERT.JE as it was then described) as described in https://statesassembly.gov.je/assemblyreports/2023/r.128-2023.pdf.

JCSC is currently part of the Department for the Economy of the Government of Jersey. JCSC operates at arm’s length from the Government, regulators and law enforcement and it is intended that JCSC will become a separate legal entity in the future.


Beginning section 4. Policies

4. Policies

4.1 Types of Incidents and Level of Support

JCSC uses the Incident Classification Matrix to assess cyber security incidents. It should be noted that incidents can change in severity throughout their lifetime.

4.2 Cooperation, Interaction and Disclosure of Information

JCSC recognises the importance of operational cooperation and information sharing between CERTs, CSIRTs and other organisations which may contribute towards or make use of the services that JCSC provides.

4.3 Communication and Authentication

JCSC respects the sensitivity markings defined by the originators of information communicated to JCSC. JCSC protects all data including sensitive information in accordance with Jersey law.


Beginning section 5. Services

5. Services

JCSC provides services aligned to the FIRST CSIRT Framework for our constituency.

5.1 Incident response

JCSC incident response services are available on an 8/5 (working hours) basis to our constituency and may be available outside these hours on an exception basis when approved by the Director or Head of Cyber Defence.

All information and communication technology related incidents are evaluated using a triage process. In-depth analysis is provided by technical experts when required.

5.2 Incident Triage

Assessment of the severity of the incident is made in line with the Incident Classification Matrix.

5.3 Incident Coordination

  • Categorisation of the incident and related information.
  • Coordination and notification of other involved parties on a need-to-know basis, as per JCSC mandate and data sharing agreements.

5.4 Incident Resolution

  • Potential analysis of compromised systems and/or networks as an incident responder of last resort for public bodies.
  • Identification and remediation of the cause of a security incident (exploited vulnerability), and its effects.

5.5 Proactive Services

  • Public outreach to constituents on cyber security matters such as new CVE’s.
  • JCSC monthly newsletter.
  • Network monitoring to detect attacks as early as possible.
  • Automated and manual threat information sharing with our constituency and other national CSIRTs / CERTs.
  • Help, advice, and training for our constituents.
  • Risk management support.

5.6 Vulnerability Management

  • Vulnerability discovery and research through passive or active scanning.
  • Handling of vulnerability reports communicated to JCSC.
  • Vulnerability analysis and reporting impact on constituency if required.

Beginning section 6. Incident Reporting Forms

6. Incident Reporting Forms

Incidents can be reported via email at incidentreports@jcsc.je. JCSC requests that email notifications and or sensitive information be encrypted with our PGP public key.

When you report an incident, please provide the following information:

  1. Contact details and organisation information.
  2. Summary of the incident/type of event.
  3. The source and which system produced an alert.
  4. Affected systems (s).
  5. Potential impact.

Beginning section 7. Disclaimers

7. Disclaimers

JCSC assumes no responsibility for errors, omissions, or for damages resulting from the use of information contained in this document.