RFC 2350

Protecting your organisation properly

RFC 2350 is an international standard for Computer Security Incident Response Teams. This standard indicates how and in what situation the Northwave CERT can be approached.


The following profile of the NW-CERT has been established in adherence to RFC-2350.

1. About this document

1.1 Date of Last Update

This is version 1.1, published on 2023/10/07.

1.2 Distribution List for Notifications

There is no distribution list for notifications. This document is kept up to date at the location specified in 1.3. Should you have any questions regarding updates, please address them to the NW-CERT email address.

 

2. Contact Information

2.1 Name of the Team

Full name: Northwave CERT

Short name: NW-CERT

2.2 Address

Northwave CERT

2.3 Time Zone

GMT+1 (GMT+2 with DST, according to EC rules)

2.4 Telephone Number

Regular phone number: +31 (0)30 303 1240

24/7 emergency number international: 00800 1744 0000

24/7 emergency number (backup): +31 (0) 85 043 7909

2.5 Facsimile Number

Not available.

2.6 Other Telecommunication

 Not available.

2.7 Electronic Mail Address

cert(at)northwave.nl

2.8 Public Keys and Other Encryption Information

NW-CERT uses PGP for digital signatures and to receive encrypted information.

  • KeyID: 0xC5FD
  • Fingerprint: 9B4C 1729 C3F7 D329 249E 5A85 BA29 C3F2

2.9 Team Members

 A full list of NW-CERT team members is not publicly available. Team members will identify themselves to the reporting party with their full name in an official communication regarding an incident.

2.10 Other Information

 General information about Northwave is available at: https://northwave-cybersecurity.com/about.

Points of Customer Contact

In case of emergencies the NW-CERT emergency telephone number should be called:

  • 00800 1744 0000
  • +31 (0) 85 043 7909 (backup)

 In all other cases an email can be sent to cert(at)northwave.nl.

 

3. Charter

3.1 Mission Statement

The NW-CERT helps organisations to get back to business as usual, as quickly as possible, and follows the mission of Northwave.

The mission of Northwave is to help its customers with establishing and maintaining adequate protection of their information and business continuity. Northwave does this by providing a risk-based and interdisciplinary outtasking concept of all complex and critical functions in this domain. This 360° and 24*7 service is centralized around the ISO27001 norm and offers a complete spectrum of security measures on the level of business (plans, policies, procedures), bytes (prevent, detect, respond) and behaviour (cyber skills and safe behaviour). By combining all relevant measures with a risk-based information security management system, Northwave creates a tailor-made Intelligent Security Operation for each of its customers. This safeguards their digital journey.

3.2 Constituency

 As a commercial organisation, the NW-CERT provides its services worldwide to:

  • its customers with a 24*7 CERT Service contract.
  • all organisations who require assistance after reporting a security incident via the emergency phone number.

3.3 Affiliation

NW-CERT is part of Northwave Netherlands in Utrecht, which in turn is part of the Northwave Group. It maintains contacts with various national and international CSIRT and CERT teams, as well as Dutch police and governmental agencies according to its needs and the information exchange culture that it values.

3.4 Authority

NW-CERT coordinates security incidents on behalf of Northwave Netherlands and has no authority reaching further than that. NW-CERT will however make recommendations to constituents in the course of its work. The implementation of such recommendations is not a responsibility of NW-CERT but solely of those to whom the recommendations were made. In general, NW-CERT works co-operatively with its constituents’ Business, IT and Security Teams.

 

4. Policies

4.1 Types of Incidents and Level of Support

 The NW-CERT addresses all types of security incidents, which occur, or threaten to occur, in its constituency (see 3.2). This includes security incidents for which private investigations need to be performed. The level of support given by NW-CERT varies depending on the type, severity and impact of the incident, the type of client and the available expertise within the client. 

4.2 Co-operation, Interaction and Disclosure of Information

All incoming information is handled confidentially by NW-CERT, regardless of its priority. Incident-related information is handled on a need-to-know basis and only shared with the team directly involved with the case. Data is stored in a separate (encrypted) environment for each case, with access control in place based on the need-to-know principle. Sharing information externally is done through a secured environment always requiring at least two factors of authentication.

NW-CERT does not report incidents to law enforcement unless relevant Dutch laws require it, as is the case in first-degree crime. Likewise, NW-CERT cooperates with law enforcement only in the course of an official investigation, meaning a court order is present, and when an NW-CERT constituent requests that NW-CERT cooperate in an investigation. In the latter case, when a court order is absent, NW-CERT will only provide information on a need-to-know basis.

NW-CERT uses the Traffic Light Protocol (TLP) for sharing sensitive information. All incident-related information is handled on a TLP:RED basis, with exceptions only upon approval or direction of the client.

4.3 Communication and Authentication

Reporting of security incidents to the NW-CERT should be done via the emergency phone number. All other communication with the NW-CERT can take place via phone or email. In addition, sensitive data should be shared via the secured file transfer platform of NW-CERT. When email is preferred, the NW-CERT PGP key is used for signing email messages. All sensitive communication to NW-CERT should be encrypted with the team’s PGP key.

 

5. Services 

5.1 Incident Response

The NW-CERT is fully prepared to deal with any type of incident. Our process of containment, eradication and recovery allows us to rapidly limit the damage caused by the attack, remove any remaining threats or attackers from your systems and return you to business as usual, as quickly as possible. The NW-CERT toolkit is equipped with both hardware and software tools to connect to and extract relevant information from any system securely. Information is gathered for recovery as well as root cause analysis. The root cause analysis is the foundation on which we can decide on how to address an (ongoing) incident effectively. Furthermore, the outcome of the root cause analysis will form the input for recommendations on how to improve your (digital) environment to prevent similar incidents in the future.

In particular, the NW-CERT provides assistance or advice with respect to the following aspects of incident response and management:

5.1.1 Incident Triage

  • Gathering incident details, e.g., incident type, impact, actions taken.
  • Determining follow-up actions.
  • Determining the scope and requirements for the deployment of the NW-CERT.

5.1.2 Incident Coordination

  • Determining the root cause of the incident based on digital forensics.
  • Facilitating contact with other sites which may be involved.
  • Facilitating contact with media, suppliers and customers, if necessary.
  • Facilitating contact with law enforcement officials, if necessary.
  • Composing announcements to users, if applicable.
  • Providing status updates.
  • Providing memos and reports for internal and external parties.
  • Advising on security measures.

5.1.3 Incident Resolution

  • Providing guidance and support to resolve the vulnerability based on the root cause analysis.
  • Providing guidance and support in securing the environment from the effects of the incident.
  • Evaluating whether certain actions are likely to reap results in proportion to their cost and risk.
  • Collecting evidence where criminal prosecution, or disciplinary action, is contemplated.

5.2 Proactive Activities

Northwave helps its customers with a smart and effective approach to information security. Northwave offers the continuity, availability and quality of the large variety of skills, expertise and methods required to obtain and maintain control over data protection. This is all aimed at reducing the probability or impact of an incident for the constituents.

The NW-CERT, in collaboration with Northwave.

 

6. Incident Reporting Forms

 There are no special forms required to report incidents to NW-CERT.

 

7. Disclaimers

While every precaution will be taken in the preparation of information, notifications and alerts, NW-CERT assumes no responsibility for errors or omissions, or for damages resulting from the use of the information contained within.
