Date: 18 Feb 2019, 17:00:00 +0100
1. Document information
This document contains a public description of Deutsche Telekom CERT according to RFC 2350. It provides basic information about the CERT, the ways it can be contacted, describes its responsibilities and the services offered.
1.1 Date of last update
18 Feb 2019, 17:00:00 +0100
1.2 Distribution list for notifications
There are no public distribution list for notifications as of 2019/02.
1.3 Locations where this document may be found
The current version of this document can always be found at: http://www.telekom.com/security/cert
1.4 Document Authenticity
This document can be retrieved from our webserver using TLS/SSL.
2. Contact information
2.1 Name of the team
Deutsche Telekom CERT
Deutsche Telekom AG
Deutsche Telekom CERT
Bonner Talweg 100
2.3 Time zone
We are located in the central European timezone (CET) which is GMT+0100 (+0200/CEST during summer time in Europe, approximately end of March until End of October).
2.4 Telephone numbers
+49 228 181 71773 (primary number, 24/7)
+49 800 3824 2378
Please observe that the above published telephone numbers are solely intended for communication related to critical security incidents. Disregard this previous condition might lead to blacklisting of your telephone numbers on our PBX.
2.5 Facsimile number
2.6 Other telecommunication
2.7 Electronic mail address
Please send incident reports to email@example.com.
2.8 Public keys and encryption information
User ID: Deutsche Telekom CERT - Team Key 2018 - 2021 <firstname.lastname@example.org>
Key ID: 0xA8FF58B4 Key type: RSA
Key size: 4096 Expires: 2021-08-29
Fingerprint: 432F 6F27 10EC A96B 670A 24EE 11D8 746A A8FF 58B4
-----BEGIN PGP PUBLIC KEY BLOCK-----
-----END PGP PUBLIC KEY BLOCK-----
3.1 Mission statement
Protect Deutsche Telekom and its constituents from attacks, using state-of-the-art detection methods. Professionally manage cyber incidents and ensure the timely and sustainable resolution and recovery.
Deutsche Telekom CERT's constituency is mixed, thus, the team attends internal and external customers.
3.3 Sponsorship and/or affiliation
Deutsche Telekom CERT is an internal unit of Deutsche Telekom AG and is solely financed and supported by the latter.
The main purpose of Deutsche Telekom CERT is the group-wide and multinational coordination of incident response and operative incident handling, throughout Deutsche Telekom subsidiaries and member companies.
Deutsche Telekom CERT has indirect authority over AS3320 (DTAG) and with the German CERT- Verbund (union of German CERTs), it is an accredited TI (Trusted Introducer) team, and also a full member of FIRST (Forum of Incident Response and Security Teams).
further European and International Institutions such as: * ETIS - The Global IT Association for Telecommunications * ETNO - European Telecommunications Network Operators' Association
4.1 Types of incidents and level of support
Deutsche Telekom CERT addresses all kinds of security incidents which occur, or threaten to occur, within its constituency.
The level of support depends on the type and severity of the given security incident, the impact for affected companies and persons within our constituency, and our resources at the time. Usually, our first response is timely at the same working day.
We expect end users to contact their local systems or network administrators or their local security contacts.
4.2 Co-operation, interaction and disclosure of information
Deutsche Telekom CERT highly regards the importance of operational cooperation and information-sharing between Computer Emergency Response Teams, and also with other organizations which may contribute towards or make use of their services.
Deutsche Telekom CERT operates in strict compliance with German and/or EU legislation.
4.3 Communication and authentication
Deutsche Telekom CERT makes use common cryptographic methods to ensure the confidentiality and integrity of the communications. GPG/PGP and S/MIME are available for general communication via email.
5.1 Incident response
Deutsche Telekom CERT is able to perform operative incident handling in several different environments. The tasks include large-scale hunting and detection of security incidents, artifact collection, artifact analysis and reverse engineering.
5.2 Incident coordination
Deutsche Telekom CERT ensures it has operational capabilities to coordinate large-scale cyber security incidents and emergencies.
Deutsche Telekom CERT will also collect statistics about incidents within its constituency.
5.3 Proactive activities
Deutsche Telekom CERT offers up-to-date information about security vulnerabilities to its internal constituents. Besides, the team continuously develops new tools for incident detection and investigation.
6. Incident reporting forms
There are no public forms available. All communication should be directed to mailto:email@example.com. We recommend any communication related to security incidents or Vulnerabilities to be encrypted by GPG/PGP tools. Please use our current team-key, published on this website.
While every precaution will be taken in the preparation of information, notifications and alerts, Deutsche Telekom CERT assumes no responsibility for errors or omissions, or for damages resulting from the use of the information contained within.