CSIRT.LI
The short name of the Computer Security Incident Response Team Liechtenstein is CSIRT.LI.
In the role of a national CSIRT within the NIS framework, the CSIRT.LI acts as the international point of contact (PoC) and functions as the national cyber security incident response coordinator. CSIRT.LI mainly understands itself as a hub which knows where to send information to in order to support and facilitate the clean-up of IT security incidents.
Constituency of CSIRT.LI
The constituency of CSIRT.LI is described in Art. 1 of the Cyber Security Act (CSG) of 04 May 2023 and consists of operators of essential services (critical infrastructure) and providers of digital services (in the NIS-context) that are essential for the citizens of Liechtenstein.
Services of CSIRT.LI
National CSIRTs such as the CSIRT.LI mainly serve as a point of contact for IT security in a national context and are networked with other national and international CSIRTs/CERTs.
The notifications of security incidents serve as a basis for the creation of situation reports and for the purpose of issuing early warnings and alerts to the constituency so that they can initiate preventive measures and thus protect themselves, as well as for potential exchange with national and international authorities so that they can carry out their tasks in their own area of responsibility and mitigate or, at best, eliminate these threats completely.
The CSIRT.LI constantly monitors the threat landscape and regularly issues warnings to recipients who belong to the CSIRT.LI constituency and have registered to receive them.
The general support for critical infrastructure in dealing with security incidents is generally provided through consulting and the referral to technical experts. CSIRT.LI does not take an active role in technical remediation or minimizing damage and does not compete with private contractors.
In addition to its legal mandate, the CSIRT.LI serves as a hub, exchange and liaison point for citizens, the economy and govermental authorities.
In the final stage of development, beyond the critical infrastructure, the state, the economy and the entire population shall benefit from the existence of a Liechtenstein cyber hygiene organization.
Contact the CSIRT.LI
Information on email addresses, the telephone number and address as well as the options for confidential, encrypted communication can be found on the contact page of the CSIRT.LI.
Further information
Foundation
The CSIRT.LI was founded on the 1st of July 2023 and since then has been undergoing organizational, technical and procedural development and improvement, with a focus on the collection of high-quality information resources.
Currently, basic services (such as the notification of alerts and general support in the case of security incidents) are provided on an ad hoc basis to the best of the team's capacity with the resources currently available.
RFC 2350
The RFC 2350 document, which is commonly provided by national CSIRTs, contains the most basic information about the CSIRT.LI.
In essence, it is a summary of the options for contacting and communicating confidentially with the CSIRT, information on the tasks and services, the constituency and much more, in a standardized structured format.
Difference between CSIRT and CERT
The terms Computer Security Incident Response Team (CSIRT) and Cyber Emergency Response Team (CERT) are equivalent. That said, CERT is a protected trademark of Carnegie-Mellon University (CMU).
CSIRT types
It is important to note that there are different types of CSIRTs, which can differ significantly in their tasks. ENISA differentiates between academic, commercial, military and corporate CSIRTs, CSIRT providers, critical infrastructure and government as well as national CSIRTs (source: https://www.enisa.europa.eu/publications/csirt-setting-up-guide).
In contrast to national CSIRTs, company-internal CSIRTs and IT security teams have tasks that relate to the infrastructure used in the company and deal with specific security incidents at a technical level.
A national CSIRT is not a corporate CSIRT and does not replace such. However, there should be a active exchange between company CSIRTs or IT security teams and the national CSIRT.