RFC 2350
Version: 2.00

1. Document information

This document contains a description of CERT ENEA according to RFC 2350. It provides basic information about CERT ENEA and the ways it can be contacted, and describes its responsibilities and the services offered.

1.1 Date of last update

Wed, 19 Oct 2022

1.2 Distribution list for notifications

There is no distribution list for notifications.

1.3 Locations where this document may be found

The current version of this document can always be found at https://cert.enea.pl

2. Contact information

2.1 Name of the team

CERT ENEA

2.2 Address

CERT ENEA
ul. Pastelowa 8
60-198 Poznań
Poland

2.3 Time zone

Central European time zone (CET) which is GMT+01.00 (+02.00 during summer time).

2.4 Telephone number

Phone number: +48 61 884 88 00

2.5 Facsimile number

None

2.6 Other telecommunication

None

2.7 Electronic mail address

All incident reports should be sent to cert (at) enea (dot) pl

2.8 Public keys and encryption information

PGP is used for functional exchanges between CERT ENEA and its Partners (incident reports, alerts, etc.).

Team PGP fingerprint: 0x760B060A6C2FA2DB

The PGP public key can be downloaded from https://cert.enea.pl/assets/cert_enea_pgpkey.asc

2.9 Team members

No public information is provided about team members.

2.10 Other information

None

2.11 Points of customer contact

The preferred method of contacting the CERT ENEA team is to send an e-mail to the address cert (at) enea (dot) pl, which is monitored by a duty officer during hours of operation.

Days/Hours of Operation: 09:00 to 17:00 Monday to Friday

3. Charter

3.1 Mission statement

CERT ENEA's mission is to support the Enea Group Companies in protecting themselves against intentional and malicious attacks that would hamper the integrity of their IT and OT assets and harm the interests of the Enea Group. The scope of CERT ENEA activities covers prevention, detection, response and recovery.

CERT ENEA will operate according to the following key values:

• Highest standards of ethical integrity
• High degree of service orientation and operational readiness
• Effective responsiveness in case of incidents and emergencies and maximum commitment to resolve the issues
• Building on, and complementing the existing capabilities in the constituents
• Facilitating the exchange of good practices between constituents and with peers
• Fostering a culture of openness within a protected environment, operating on a need-to-know basis

3.2 Constituency

All end users and organizational units and all ICT systems of the ENEA Capital Group, in particular: ENEA S.A., ENEA Operator Sp. z o.o., ENEA Wytwarzanie Sp. z o.o., ENEA Trading Sp. z o.o., ENEA Logistyka Sp. z o.o., ENEA Nowa Energia Sp. z o.o., ENEA Serwis Sp. z o.o., ENEA Innowacje Sp. z o.o., ENEA Oświetlenie Sp. z o.o., ENEA Pomiary Sp. z o.o., ENEA Centrum Sp. z o.o., MEC Piła Sp. z o.o., PEC Oborniki Sp. z o.o., ENEA Ciepło Sp. z o.o., ENEA Ciepło Serwis Sp. z o.o., ENEA Power&Gas Trading Sp. z o.o., ENEA Elektrownia Połaniec S.A. are part of the CERT ENEA constituency.

The company Lubelski Węgiel "Bogdanka" S.A. is excluded from the constituency of CERT ENEA.

Customers of ENEA Capital Group are treated as an area of additional interest of CERT ENEA.

3.3 Sponsorship and/or affiliation

CERT ENEA is sponsored by the management board of ENEA S.A.

3.4 Authority

The establishment of CERT ENEA was mandated via the document: Regulations of the Organizational Units of ENEA S.A., amended by the resolution of the management board of ENEA S.A. Amended by Resolution of the Management Board No. 180/2018 of 08/05/2018, valid from 25/05/2018.

4. Policies

4.1 Types of incidents and level of support

The CERT ENEA team will gradually roll out its services, starting with Announcements, Alerts and Incident Response Coordination.

4.2 Co-operation, interaction and disclosure of information

CERT ENEA highly appreciates the importance of operational collaboration and information sharing between computer emergency response teams, as well as with other organizations that may contribute to or benefit from their services.

CERT ENEA supports the Information Sharing Traffic Light Protocol (TLP). Any communication tagged according to TLP will be handled accordingly.

4.3 Communication and authentication

CERT ENEA protects sensitive information in accordance with relevant regulations and policies within the EU. In particular, CERT ENEA respects the sensitivity markings allocated by originators of information communicated to CERT ENEA ("originator control").

Communication security (encryption and authentication) is achieved by various means: S/MIME-based email encryption, PGP or other, depending on the sensitivity level and context.

5. Services

5.1 Reactive:

• Alerts and warnings
• Incident handling
• Vulnerability handling
• Artefact handling

5.2 Proactive:

• Announcements
• Technology watch
• Security audits and assessments
• Configuration and maintenance of security tools, applications, infrastructures and services
• Development of security tools
• Intrusion detection services
• Security related information dissemination

5.3 Security Quality

• Risk analysis
• Security consulting
• Education and training
• Product evaluation and certification
• Awareness building
• Business continuity and disaster recovery support

6. Incident reporting forms

There are no local forms available.

7. Disclaimers

While every precaution will be taken in the preparation of information, notifications and alerts, CERT ENEA assumes no responsibility for errors or omissions, or for damages resulting from the use of the information contained within.