Incident handling by the CERT: General Conditions
The Cyber Emergency Response Team (CERT) is a department of the Centre for Cybersecurity Belgium (CCB), a federal administration under the authority of the Prime Minister and responsible for monitoring incidents related to the security of networks and information systems.
Report an incident
All entities may report, on a voluntary basis, incidents that have a significant impact on the continuity of the services they provide. This voluntary notification does not have the effect of imposing obligations on the notifying entity that it would not have been subject to if it had not made the notification. When processing a notification, the CCB may nevertheless give priority to mandatory notifications imposed by the NIS Act over voluntary notifications.
Requesting assistance
In the event of a request for assistance from you, you may be asked to give the CCB access to your information systems, which means that you authorize, for the duration and for the purposes of following up the incident, access to the documents and data contained in your systems.
In accordance with our legal obligations regarding confidentiality and the processing of personal data, we will treat your information as confidential and will limit access to information to those persons who need it to carry out their duties.
A copy of the hard drive, memory information or logs of the information systems concerned may be requested for further analysis by the CCB or the police services. This information will be stored on encrypted computer media and will not be kept longer than necessary in accordance with our legal obligations.
The CCB provides technical and organisational advice to control a cyber incident but does not itself carry out the necessary operations.
The CCB may need to deploy programmes on your systems in order to collect additional information. This software has been tested and is used on a regular basis, but the CCB cannot be held liable for any unintended damage arising from the normal use of these tools.
The responsibility for managing the incident and the measures taken remains with the person responsible for the networks and information systems.
The information collected by the CCB may be exchanged anonymously (e.g. indicators of compromises found) with other Belgian or foreign authorities, when this exchange is necessary for the application of legal provisions. Of course, these exchanges will be strictly limited to what is relevant and proportionate to the purpose of this exchange, in accordance with the legislation relating to the processing of personal data.
In the event of observation of criminal offences, certain information could, if necessary, be communicated to the police services.
An on-site crisis room where people can freely exchange confidential information could also be necessary.