As part of its activities, the National Cyber Security Centre (NCSC) and its government team GovCERT.CZ offer the following services, which could help your organization in ensuring cyber security:


Coordination and assistance in solving incidents

Security incident solving belongs to the main activates of the government team. After reporting such an event, its experts are ready to help your IT professionals technically, including advice about further preventive measures. In case that some of the incidents target multiple entities, they are ready to coordinate a common approach to the problem. To this end, an audio-visual conference centre is being prepared at the NCSC headquarters in Brno.

Facilitating contacts

Given the extensive cooperation among institutions, it is possible to provide assistance in facilitating contacts both with Czech security teams and international partners in solving security incidents with international impact.

Sharing data

Because of close cooperation with various multinational organizations dealing with cyber security, the government team receives a large amount of reports and data related to potentially infected machines in the Czech Republic. It is possible to offer you this information. Due to variability, shared data is divided into individual projects:

BotnetFeed - thanks to this tool, data about end stations connected to the botnet networks is processed from sinkholed C&C servers. For identification of a potentially infected station in your IP range, you will be given an IP address and information about botnet into which it is connected. For a more detailed analysis of infection, it is possible to deliver timestamps of communication between an end station and C&C server, target IP address and used port. This information can be offered to partners in xml and csv formats.

IHAP, MDM* – under these projects, fragments of indicators of compromise (IoC) are collected from various servers. The most common indicators include phishing, brute-force attacks, ids alerts, spam, scanning attempts, exploitation of vulnerabilities, malware and others. Based on this data, short reports are prepared for partners. These reports always contain an IP address of the compromised machine and a short summary about the type of the incident.

*IHAP = Incident Handling Automation Project, MDM = Malicious Domain Manager

Shadowserver – this project focuses on continuous search of vulnerabilities in cyberspace and on presence of those vulnerabilities on particular IP addresses. team can facilitate either sharing of the data with your organization or contact with representatives of Shadowserver.

Deployment of honeypots

Network traps can detect attempts at unauthorized access to various systems; they can monitor behaviour of attackers and vectors of their attacks based on known vulnerabilities of web sources (e.g. XSS, SQL injection). To use this type of monitoring, a network trap can be deployed against an IP address designated by you. In case you decide to cooperate with the government team in this area, you can become a part of mutual sharing data from those honeypots.

Penetration testing

One of the forms of preventive activities is external penetration testing. It is a legal attempt to penetrate tested systems. Outcome is a report on vulnerabilities of the tested subject, which is intended solely for an owner of the system. Based on the report, the owner should adopt appropriate security measures.

Another option is to perform vulnerability scanning according to OWASP*. In this way, employees of the government CERT team can check the security of your web pages and draw your attention to possible security risks.

*OWASP = Open Web Application Security Project

Information HUB

On website you can find information, analysis and articles that are related to current threats and vulnerabilities in relation to systems in the Czech Republic. Information on the website is updated monthly with newsletters summarizing significant security incidents here and abroad.

A non-public information portal is currently being prepared. There contract partners and cooperating organizations will be offered extra information and in-depth analysis related to their systems.

Education and research

Employees of the NCSC are able to prepare training and lectures on different topics (technical and legal) in the field of cybersecurity.

Forensic laboratory and SCADA laboratory

Experts from the government team are also involved in forensic analysis. In case a machine in your istitution has already been compromised or there is suspicion that such a compromise could have happened, it is possible to investigate this event in our forensic lab.

GovCERT.CZ offers cooperation even in areas of technical measurement and analysis of industrial and control systems. To that end, SCADA laboratory was built in the NCSC.

In case you are interested in any of the above mentioned services, do not hesitate to contact us.