This is version 2.0.0 published on February 7, 2024.
There isn’t any distribution list for notifications.
The document is available on CERTBI’s website at the following URLs:
CERT Banca d’Italia
Short name: CERTBI
CERT Banca d’Italia
Divisione CERTBI
Servizio Pianificazione Informatica
Dipartimento Informatica
Largo Guido Carli, 1
00044 Frascati (Roma)
Italy
Central European Time (UTC+1), and observing Daylight Saving Time (UTC+2) from the last Sunday of March to the last Sunday of October.
+39 06 4792 8946 (this is not a secure fax)
None
CERTBI can be reached at cert@bancaditalia.it.
PGP/GPG is supported for secure communication.
CERTBI has a public PGP/GPG key for cert@bancaditalia.it which is available at https://cert.bancaditalia.it/certbi.asc and usual public key servers, such as MIT PGP Key Server.
PGP/GPG Key:
All team members of CERTBI have a personal PGP/GPG key for exchange of classified information.
CERTBI team consists of qualified cyber security analysts. The team leader is the pro tempore head of the “Divisione CERTBI”.
General information about CERTBI can be found at https://cert.bancaditalia.it.
The preferred method for contacting CERTBI is via email at cert@bancaditalia.it. The mailbox is monitored during hours of operation. Please use PGP/GPG if you intend to send sensitive information.
The CERTBI’s hours of operation are generally restricted to regular business hours (9:00 - 17:00, Monday to Friday except Italian holidays).
If necessary, any urgent case can be reported by phone at +39 06 4792 9797.
CERTBI is the focal point for the collection, analysis and sharing of information related to cyber threats, and for the coordination of activities aiming at preventing and supporting the response to cyber emergencies that could harm IT-assets of Banca d’Italia and IVASS. It is the one contact point for voluntary information sharing with the Bank’s external counterparts, running continuous cyber intelligence activities for the preventative and proactive countering of cyber threats. CERTBI cooperates with qualified counterparts at national, EU and extra-EU levels. It continuously produces intelligence on the evolution of cyber threats and delivers it to the Institute’s internal and external stakeholders, adopting an intelligence-led cyber security approach also in supporting the entire cyber security incident lifecycle.
The CERTBI’s constituency includes people and IT-assets of Banca d’Italia and IVASS.
CERTBI is part of Banca d’Italia organization.
CERTBI operates under the auspices of, and with authority delegated by, the Director General of the Directorate General for Information Technology of Banca d’Italia.
CERTBI is authorized to address relevant cyber security incidents which occur, or threaten to occur, at Banca d’Italia and IVASS. Depending on the security incident’s nature, CERTBI will gradually roll out its services which include: managing information exchange and interactions with internal and external stakeholders; the production and dissemination of tactical, operational and strategic cyber threat intelligence, also to prevent and counteract cyber security incidents; alerting and artifact analysis.
The level of support given by CERTBI will vary depending on the type and severity of the incident or issue, its potential or assessed impact, and the CERTBI’s resources available at the time.
The CERTBI is committed to keeping its constituency informed of potential vulnerabilities, possibly before they are actively exploited.
CERTBI regards the operational cooperation and information sharing with other CERTs and similar qualified organizations as of paramount importance. Therefore, while appropriate measures will be taken to protect the identity of members of the constituency and of neighboring sites where necessary, the CERTBI will otherwise share information when this will assist others in resolving or preventing security incidents.
CERTBI operates within the current Italian and European legal frameworks, with specific regard to the handling and disclosure of information.
CERTBI observes the CSIRT Code of Practice.
Telephones and unencrypted emails are considered sufficiently secure for the transmission of low-sensitive data. If it is necessary to send highly sensitive data by email, PGP/GPG will be used. Network file transfers will be considered to be similar to email for these purposes: sensitive data will be encrypted for transmission.
CERTBI recognizes and supports the TLP (Information Sharing Traffic Light Protocol).
Where it is necessary to establish trust, for example before relying on information given to the CERTBI or before disclosing confidential information, the identity and bona fide of the other party will be ascertained to a reasonable degree of trust by use of appropriate methods (e.g.: referrals from known trusted sources, checks with the originator, digital signatures).
CERTBI is responsible for information security incident management, interacting with internal and external stakeholders in the context of cyber security incident response activities. CERTBI is responsible for the production and dissemination of tactical, operational and strategic cyber threat intelligence in order to prevent cyber security incidents and to effectively counter cyber threats, for sending out alerts and warnings to its constituency, for performing artifact analysis when necessary, and for providing assistance or advice with respect to the different incident response phases.
CERTBI services are based on FIRST CSIRT Services Framework and coordinates and maintains the following services for its constituency:
CERTBI does not provide any public form for reporting incidents.
When reporting a cyber security incident to CERTBI, please provide at least the following information:
Please classify the information using the Traffic Light Protocol and apply encryption as appropriate.
While every precaution will be taken in the preparation of information, notifications and alerts, CERTBI assumes no responsibility for errors or omissions, or for damages resulting from the use of the information contained within.