CERT-FR is the French national and governmental CERT (Computer Emergency Response Team) or CSIRT (Computer Security Incident Response Team) and is in charge of preventing and handling the technical impacts of cybersecurity related incidents. CERT-FR is operated by ANSSI, the National Cybersecurity Agency.
The main missions of CERT-FR are the following:
- Respond to technical assistance requests following cybersecurity incidents impacting its constituent’s networks and information systems: receiving reports, analysing the effects of an incident, identifying possible correlations with similar incidents and defining solutions for recovery;
- Process security alerts and respond to cyber-attacks. For this purpose, CERT-FR realizes technical analysis of attacks, takes part in information exchanges with other CERTs and contribute to technical reviews on multiple cybersecurity topics;
- Detect attacks targeting governmental information systems. For this purpose, CERT-FR continuously operates security monitoring (SOC) for the benefit of State services;
- Detect information systems’ vulnerabilities, in particular through a watch on most commonly used products;
- Contribute to preventing cyber-attacks, by communicating on best practices to adopt to reduce the probability of an incident and to minimize their possible effects;
- Coordinate incident prevention and response with all stakeholders and partners. The coordination of operations allows to involve, when necessary, national and international CSIRTs, internet service providers and network operators.
The primary constituents and beneficiaries of CERT-FR’s missions are:
- Public organizations: ministries, institutions, national courts, independent authorities, local authorities;
- Operators of vital importance (OIV): public or private entities who operate equipment or facilities necessary to the French nation’s survival;
- Operators of essential services (OES): entities depending on networks or information systems, who operate essential services whose interruption would have a significant impact on the proper functioning of the economy or society.
Although it provides publicly available information through its website, CERT-FR is not designed for intervention towards French individuals and small or medium-sized enterprises. These communities are supported by cybermalveillance.gouv.fr.
National and international cooperations
In order to perform its operational activities, CERT-FR is a member of several national and international networks of CERTs:
- InterCERT France which brings together various CERTs operating incident response primarily in France
- The EU CSIRTs Network which brings together incident response teams of all EU Member States.
- The European Government CERTs Group (EGC) which brings together a smaller number European CSIRTs with governmental mandates
- International Watch and Warning Network (IWWN) which brings together both governmental or national CSIRTs across the world
- Forum of Incident Response and Security Teams (FIRST) which brings together 600 private or public CSIRTs
- The Task Force on Computer Security Incident Response Teams (TF-CSIRT), which fosters exchanges of experience about the tasks of incident response teams. CERT-FR’s skills and capacities have been recognized since 2002 by TF-CSIRT via the regular renewal of its accreditation (Trusted Introducer Level 2 / Accredited).