The National Authority Against Electronic Attacks – National CERT, is responsible for cyber security, particular in critical infrastructure, according to Greek Legislation Bill 3649/2008, Article 4, Paragraph 8, Presidential Decree 126/2009, Article 2, Paragraph 1.Z. The National CERT, being operational since 2008, and its roles and responsibilities include:
-
Being a competent National Authority to protect from electronic threats-attacks for the Public Sector and National Critical Infrastructure.
-
Collect Evidence from electronic attacks from public and private bodies.
-
Analyse, Document and Categorize security incidents and handle them according to their type.
-
Provide Consulting and Information for ICT infrastructure protection to the Public and Private Sector upon their demand.
-
Inform about imminent electronic attacks and provides countermeasures.
-
Collaborate with other CERTs and Public Sector for related topics.
-
Provide Consulting and Assistance on demand to the organization’s facilities that was attacked to mitigate the attack’s impact.
-
Coordinate the incident response actions between involved parties.
The National Authority Against Electronic Attacks – National CERT participates in Trans European annual exercises on cyber security or in NATO ones as well as in National Security Exercises aiming to the enhancement of security nation-wide.
National Authority Against Electronic Attacks – National CERT acts as the representative CERT for the EU members in case of a large-scale cyber attack.
Also, National Authority Against Electronic Attacks – National CERT supports all Greek public organizations and critical infrastructure for the same purpose. The Authority participates in international organizations on Cyber security, and in the Cooperation Group and CSIRT Network.
The National Authority Against Electronic Attacks – National CERT in cooperation with other competent Ministries and independent authorities, participates in the preparation of the National Cybersecurity Strategy.
Based on the experience acquired by the National Authority Against Electronic Attacks – National CERT in the combating of electronic attack incidents on the Public Sector, a guide of general direction for the protection of computer systems from electronic attacks, has been drawn. The guide is of a consulting nature and the measures aim to the security of a satisfactory level of security of an open, non-classified computer system and eventually to the protection and prevention of incidents of security breach. Also, the measures are applicable to the Public Sector or the Private one, alike, being implemented in total or partially, they appeal to administrators and network security experts, without of course excluding civilian with basic technical background. However, as the electronic attacks multiply, needs are increasing and there is a push (from EU, NATO, etc.) towards greater security and amendment of existing laws regarding Cyber Security, as the current measures have proven inadequate. Therefore, the National Authority Against Electronic Attacks – National CERT deems necessary the establishment of additional measures pertaining to the safeguarding of the public sector and the Greek critical infrastructure against electronic attacks. Hence, the agency deliberates over the conducting of “penetration tests” in considers highly important that all involved users be sensitized towards the issue in question and realize that Hackers can attack their computer systems; to address this aspect, the National CERT considers the hosting of forums-seminars of high importance. These events help users with upgrading of their knowledge on cyber security as well as cyber-attack incident analysis tools, as these have been developed in past incidents.