CERT Banca d’Italia (CERTBI) - RFC 2350

1. Document Information

1.1. Date of Last Update

This is version 2.0.0 published on February 7, 2024.

1.2. Distribution List for Notifications

There isn’t any distribution list for notifications.

1.3. Locations where this Document May Be Found

The document is available on CERTBI’s website at the following URLs:

2. Contact Information

2.1. Name of the Team

CERT Banca d’Italia

Short name: CERTBI

1.2. Address

CERT Banca d’Italia

Divisione CERTBI

Servizio Pianificazione Informatica

Dipartimento Informatica

Largo Guido Carli, 1

00044 Frascati (Roma)

Italy

2.3. Time Zone

Central European Time (UTC+1), and observing Daylight Saving Time (UTC+2) from the last Sunday of March to the last Sunday of October.

2.4. Telephone Number

+39 06 4792 9797

2.5. Facsimile Number

+39 06 4792 8946 (this is not a secure fax)

2.6. Other Telecommunication

None

2.7. Electronic Mail Address

CERTBI can be reached at cert@bancaditalia.it.

2.8. Public Keys and Encryption Information

PGP/GPG is supported for secure communication.

CERTBI has a public PGP/GPG key for cert@bancaditalia.it which is available at https://cert.bancaditalia.it/certbi.asc and usual public key servers, such as MIT PGP Key Server.

PGP/GPG Key:

All team members of CERTBI have a personal PGP/GPG key for exchange of classified information.

2.9. Team Members

CERTBI team consists of qualified cyber security analysts. The team leader is the pro tempore head of the “Divisione CERTBI”.

2.10. Other Information

General information about CERTBI can be found at https://cert.bancaditalia.it.

2.11. Points of Customer Contact

The preferred method for contacting CERTBI is via email at cert@bancaditalia.it. The mailbox is monitored during hours of operation. Please use PGP/GPG if you intend to send sensitive information.

The CERTBI’s hours of operation are generally restricted to regular business hours (9:00 - 17:00, Monday to Friday except Italian holidays).

If necessary, any urgent case can be reported by phone at +39 06 4792 9797.

3. Charter

3.1. Mission Statement

CERTBI is the focal point for the collection, analysis and sharing of information related to cyber threats, and for the coordination of activities aiming at preventing and supporting the response to cyber emergencies that could harm IT-assets of Banca d’Italia and IVASS. It is the one contact point for voluntary information sharing with the Bank’s external counterparts, running continuous cyber intelligence activities for the preventative and proactive countering of cyber threats. CERTBI cooperates with qualified counterparts at national, EU and extra-EU levels. It continuously produces intelligence on the evolution of cyber threats and delivers it to the Institute’s internal and external stakeholders, adopting an intelligence-led cyber security approach also in supporting the entire cyber security incident lifecycle.

3.2. Constituency

The CERTBI’s constituency includes people and IT-assets of Banca d’Italia and IVASS.

3.3. Sponsorship and/or Affiliation

CERTBI is part of Banca d’Italia organization.

3.4. Authority

CERTBI operates under the auspices of, and with authority delegated by, the Director General of the Directorate General for Information Technology of Banca d’Italia.

4. Policies

4.1. Types of Incidents and Level of Support

CERTBI is authorized to address relevant cyber security incidents which occur, or threaten to occur, at Banca d’Italia and IVASS. Depending on the security incident’s nature, CERTBI will gradually roll out its services which include: managing information exchange and interactions with internal and external stakeholders; the production and dissemination of tactical, operational and strategic cyber threat intelligence, also to prevent and counteract cyber security incidents; alerting and artifact analysis.

The level of support given by CERTBI will vary depending on the type and severity of the incident or issue, its potential or assessed impact, and the CERTBI’s resources available at the time.

The CERTBI is committed to keeping its constituency informed of potential vulnerabilities, possibly before they are actively exploited.

4.2. Co-operation, Interaction and Disclosure of Information

CERTBI regards the operational cooperation and information sharing with other CERTs and similar qualified organizations as of paramount importance. Therefore, while appropriate measures will be taken to protect the identity of members of the constituency and of neighboring sites where necessary, the CERTBI will otherwise share information when this will assist others in resolving or preventing security incidents.

CERTBI operates within the current Italian and European legal frameworks, with specific regard to the handling and disclosure of information.

CERTBI observes the CSIRT Code of Practice.

4.3. Communication and Authentication

Telephones and unencrypted emails are considered sufficiently secure for the transmission of low-sensitive data. If it is necessary to send highly sensitive data by email, PGP/GPG will be used. Network file transfers will be considered to be similar to email for these purposes: sensitive data will be encrypted for transmission.

CERTBI recognizes and supports the TLP (Information Sharing Traffic Light Protocol).

Where it is necessary to establish trust, for example before relying on information given to the CERTBI or before disclosing confidential information, the identity and bona fide of the other party will be ascertained to a reasonable degree of trust by use of appropriate methods (e.g.: referrals from known trusted sources, checks with the originator, digital signatures).

5. Services

5.1. Incident Response

CERTBI is responsible for information security incident management, interacting with internal and external stakeholders in the context of cyber security incident response activities. CERTBI is responsible for the production and dissemination of tactical, operational and strategic cyber threat intelligence in order to prevent cyber security incidents and to effectively counter cyber threats, for sending out alerts and warnings to its constituency, for performing artifact analysis when necessary, and for providing assistance or advice with respect to the different incident response phases.

5.2. Proactive Activities

CERTBI services are based on FIRST CSIRT Services Framework and coordinates and maintains the following services for its constituency:

6. Incident Reporting Forms

CERTBI does not provide any public form for reporting incidents.

When reporting a cyber security incident to CERTBI, please provide at least the following information:

Please classify the information using the Traffic Light Protocol and apply encryption as appropriate.

7. Disclaimers

While every precaution will be taken in the preparation of information, notifications and alerts, CERTBI assumes no responsibility for errors or omissions, or for damages resulting from the use of the information contained within.