Reacting to cyber attacks: Contact the CERTs and CSIRTs in your region
The cyber threat no longer spares anyone, affecting even the least prepared players. To respond to this risk, the French government has decided to set up a network of cyber incident response centers in 2021.
Known as CSIRTs or CERTs, these centers will support VSEs, SMEs, ETIs, local authorities and healthcare establishments before, during and after a cyber attack.
In short, these new cybersecurity players can be thought of as cyber firefighters, available all the time to deal with cyber incidents.
In this article, we'll look at what the acronyms CERT, CSIRT and CRC stand for, and how they are organized on a national scale. We will then describe their main missions and give an overview of regional CSIRTs.
CERT and CSIRT: Definitions & Differences
CERTs (Computer Emergency Response Teams), also known as CSIRTs (Computer Security Incident Response Teams), are teams of cybersecurity specialists.
Whether managed by private or governmental organizations, these centers are made up of IT professionals who, in the event of a cyber attack, are the first to intervene to diagnose the attack and provide remediation advice to the companies concerned.
Located in every European country, these centers operate in networks, providing essential protection against cyber threats.
A hierarchical network
Organized around the clear objective of rapid incident response, these complementary centers are structured hierarchically across Europe.
At European level, there is a CERT-EU responsible for preventing, detecting and responding to transnational cyber attacks, and for coordinating incident response across the continent.
At national level, CERT-FR is administered by ANSSI (Agence nationale de la sécurité des systèmes d'information). This center is responsible for keeping a national watch on the most critical security alerts, and coordinating incident response for France's largest companies.
At regional level, there are 12 regional CSIRTs in mainland France and 3 Cyber Resource Centers (CRCs) in the overseas territories. These emergency services have local expertise and provide a specialized response to local players.
Finally, there are sector-specific CSIRTs, with specialized expertise to support the most critical businesses, such as banks and hospitals.
The different missions of CSIRTs
The main mission of CSIRTs is to respond to first-level cyber incidents and limit their impact. Like cyber firefighters, CSIRT teams can be contacted by phone or form on a daily basis.
In the event of a proven cyber attack, they are responsible for diagnosing the incident and recommending a qualified partner service provider to remedy the situation.
Present from the start of the attack through to full remediation of the incident, these teams provide essential human support to help companies get through cyber-attacks.
Throughout the entire procedure, they are at the service of their beneficiaries, guiding affected companies through the various steps to be taken (filing a complaint, communicating about the incident, draft an insurance file, etc.).
In addition to a permanent incident response service, they also provide upstream, preventive support to VSEs, SMEs, ETIs and local authorities in protecting their information systems (IS). This is why we recommend that you contact the CSIRT in your region for personalized advice on how to protect yourself against cyber-attacks in the future.
Regional CSIRTs
Here are the 12 regional centers:
- Bourgogne-Franche-Comté
- Bretagne
- Corsica
- Centre-Val de Loire
- Grand Est
- Hauts-de-France
- Île-de-France
- Normandie
- Nouvelle-Aquitaine
- Occitanie
- Pays de la Loire
- Provence-Alpes-Côte d'Azur
Cyber Resource Centers in the French Overseas Territories
In 2021, the French overseas territories will also have Cyber Resource Centers (CRC).
Their main missions are to help structure the local cyber ecosystem and respond to cybersecurity incidents in the territories where they are located, and they will eventually carry out the same missions as the CSIRTs in France.
There are three centers, one for each ocean basin:
- Île de la Réunion for the Indian basin
- The Caribbean for the Atlantic basin
- New Caledonia for the Pacific basin
Conclusion
CSIRTs work in synergy to provide lasting protection for all French businesses. From rapid response to incidents to long-term support for companies, these specialized centers are helping to protect and develop the French cyber ecosystem.
In the event of an attack, you need to be able to detect the first signs of the attackers so you can block them before it's too late. At Bastion, we are developing a solution that enables you to quickly identify intrusion attempts on your computers, e-mails or SaaS applications from the same interface, enabling you to block the attack and notify a CSIRT before any damage is done.
From protection against phishing to securing your e-mails and training your staff, put your company's security on auto-pilot with Bastion and concentrate on your core business with complete peace of mind.