National Computer Network Emergency Response Technical Team/Coordination Center of China
1. Organization Profile
The National Computer Network Emergency Response Technical Team/Coordination Center of China (known as CNCERT or CNCERT/CC) was founded in August 2001. It is a non-governmental non-profit cybersecurity technical center and the key coordination team for China's cybersecurity emergency response community. As the national CERT of China, CNCERT strives to improve the nation's cybersecurity posture and safeguard the security of critical information infrastructure. CNCERT leads efforts to prevent, detect, alert, coordinate and handle cybersecurity threats and incidents, in line with the guiding principle of "proactive prevention, timely detection, prompt response and maximized recovery".
CNCERT has its presence in 31 provinces, autonomous regions and municipalities across mainland China. CNCERT coordinates with key network operators, domain name registrars, cybersecurity vendors, academia, civil society, research institutes and other CERTs to jointly handle significant cybersecurity incidents in a systematic way. With an important role in the industry, CNCERT initiated the foundation of China National Vulnerability Database (CNVD), Anti Network-Virus Alliance of China (ANVA) and China Cyber Threat Governance Alliance (CCTGA).
CNCERT actively carries out international cooperation in cybersecurity and is committed to establishing the mechanism of prompt response to and coordinative handling of cross-border cybersecurity incidents. CNCERT is a full member of the world-renowned Forum of Incident Response and Security Teams (FIRST) and one of the founders of the Asia Pacific Computer Emergency Response Team (APCERT). As of 2018, CNCERT has established "CNCERT International Cooperation Partnership" with 233 teams in 76 countries and regions. CNCERT has also actively engaged in activities of APEC, ITU, SCO, ASEAN, BRICS and other international and regional organizations.
2. Mission Statement
Incident detection: By leveraging the "Internet Security Detection Platform", CNCERT proactively monitors cybersecurity threats and incidents for critical information infrastructure like financial, industrial and mobile network. CNCERT also discovers threats and incidents by sharing information with both domestic and international partners and by receiving incident reports from users at home and abroad through hotline, fax, email and website.
Alerts and advisories: Through the analysis of cybersecurity information gained from multiple channels, CNCERT provides users with timely alerts and advisories on cybersecurity threats and incidents, macro situational reports for enhanced awareness and better sharing of technologies and information.
Emergency Response: CNCERT accepts and collaboratively responds to cybersecurity incidents of significant impacts. Priorities include threats and incidents that hinder the secure operation of the Internet, affect a large number of Internet users, involve critical information infrastructure and key government agencies, have great social impacts, and the incidents reported by other national CERTs.
Tests and evaluation: Based on the principle of "supporting regulation, serving the society", CNCERT offers professional cybersecurity test and evaluation services to public and private sectors in a scientific, standardized, impartial and independent manner. CNCERT also develops cybersecurity standards for communications and engages in the development of security protective standards for telecommunications and the Internet.
3. Incident Handling Procedure
Report: CNCERT has set up a 24/7 reporting mechanism to accept cybersecurity incidents. Both domestic and international users can report incidents to CNCERT through the following channels: website, email, hotline and fax.
Ø Website: //www.acabe.net/
Ø Email: [email protected]
Ø Hotline: +8610 82990999, 82991000(EN)
Ø Fax: +8610 82990399
Acceptance: The types of cybersecurity incidents that can be accepted by CNCERT mainly include the following: malware, website defacement, backdoors, phishing, vulnerabilities, data interference, denial of service attacks, abnormal domain, router hijacking, unauthorized access, spam, incidents of mixed nature and other cybersecurity incidents.
Handling: After verifying the actual happening of an incident with sufficient evidence, CNCERT will promptly respond via the mechanism established with domestic and international ISPs, domain name registrars and cybersecurity vendors.
Feedback: After all the three steps above - report, acceptance and handling - are completed, CNCERT will immediately notify the source of the report, including acknowledgement of receipt, acceptance or non-acceptance with reasons behind, and the handling results.
4. Contact Us
ØEmail: [email protected]
ØHotline: +8610 82990999, 82991000(EN)
ØFax: +8610 82990399