Q. What does CSIRT stand for?
A. CSIRT stands for Computer Security Incident Response Team
Q. What is the PA Computer Security Incident Response Team (PA-CSIRT)?
A. The PA Computer Security Incident Response Team (PA-CSIRT) is a team within the Information Security Office that is responsible for receiving, reviewing, and responding to Commonwealth of Pennsylvania related computer security incident reports and activity.
Q. What is a computer security incident?
A. A computer security incident can fall under a number of categories:
Definition: Any real or suspected adverse event in relation to the security of computer systems or computer networks.
Examples include but are not limited to:
- Threats to the physical safety of human beings.
- Root or system-level attacks on any Management Information System, or any part of the backbone network infrastructure.
- Root or system-level attacks on any large public service machine, either multi-user or dedicated-purpose.
- Compromise of restricted confidential service accounts or software installations, in particular those used for applications containing confidential data, or those used for system administration.
- Denial of service attacks on any of the above three items.
- Any of the above at other sites, originating from the local Internet community.
- Large-scale attacks of any kind, e.g. sniffing attacks, IRC "social engineering" attacks, password cracking attacks.
- Threats, harassment, and other criminal offenses involving individual user accounts.
- Compromise of individual user accounts on multi-user systems.
- Compromise of desktop systems.
- Forgery and misrepresentation, and other security-related violations of local rules and regulations, e.g. netnews and e-mail forgery, unauthorized use of IRC bots.
- Denial of service on individual user accounts, e.g. mailbombing.
Q. Why does the Commonwealth of Pennsylvania need a CSIRT?
A. Even the best information security infrastructure cannot guarantee that intrusions or other malicious acts will not happen. When computer security incidents occur, it is critical that agency personnel within the Commonwealth have an effective way to respond. PA-CSIRT is necessary to handle such critical computer security incidents using the best and fastest methods available, ensuring minimal downtime, if any.
Q. What types of CSIRTs exist?
A. There are many CSIRTs worldwide.
Some CSIRTs support a country, such as US-CERT, which is a partnership between the Department of Homeland Security and the public and private sectors. Established in 2003 to protect the nation's Internet infrastructure, US-CERT coordinates defense against and responses to cyber attacks across the nation. Other CSIRTs may provide assistance to a particular region. Others may provide support to a particular university or commercial organization. There are also corporate groups who provide CSIRT services to clients for a fee.
Some general categories of CSIRTs include, but are not limited to, the following:
- Internal CSIRTs provide incident handling services to their parent organization. This could be a CSIRT for a bank, a manufacturing company, a university, or a federal agency.
- National CSIRTs provide incident handling services to a country.
- Coordination Centers coordinate and facilitate the handling of incidents across various CSIRTs.
- Analysis Centers focus on synthesizing data from various sources to determine trends and patterns in incident activity. This information can be used to help predict future activity or to provide early warning when the activity matches a set of previously determined characteristics.
- Vendor Teams handle reports of vulnerabilities in their software or hardware products. They may work within the organization to determine if their products are vulnerable and to develop remediation and mitigation strategies. A vendor team may also be the internal CSIRT for a vendor organization.
- Incident Response Providers offer incident handling services as a for-fee service to other organizations.
Q. What services does a PA-CSIRT provide?
A. PA-CSIRT's main objective is incident handling.
Incident handling includes three functions: incident reporting, incident analysis, and incident response.
The incident reporting function enables PA-CSIRT to serve as a central point of contact for reporting problems. This allows local computer users, especially Internet users, and system administrators to report all security incident issues and activities to PA-CSIRT.
Incident analysis involves taking an in-depth look at an incident report or incident activity to determine the scope, priority, and threat of the incident, along with researching possible response and mitigation strategies.
Incident response functions can take many forms. PA-CSIRT may send out recommendations for recovery, containment, and prevention to users or systems and network administrators who then perform the response steps themselves. The response may also involve sharing information and lessons learned with other response teams and other appropriate agencies, organizations, and sites.
PA-CSIRT also responds by sending security bulletins to its members, informing them of any vulnerability that may have been detected in various software and applications.
PA-CSIRT also sends out alerts to its members when a highly critical vulnerability has been detected.