RFC-2350

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA256

1. Document Information

This document contains a description of Redes Energéticas Nacionais, SGPS, S.A (REN) Cybersecurity Incident Response Service according to RFC 2350.

• 1.1 Date of Last Update: Versão 1.0. Publishment date: 18/02/2021.
• 1.2 Distribution List for Notifications: There is no distribution list for notifications.
• 1.3 Locations Where this Document May Be Found: A The current version of this document can always be found at  https://www.ren.pt/en-gb/csirt/rfc-2350.
• 1.4 Authenticating this Document: Este documento está assinado com a chave PGP da REN.

2. Contact Information

• 2.1 Name of the Team: Centro de Operações de Segurança (SOC REN)
• 2.2 Address: REN Serviços, S.A. Rua Cidade de Goa n.4 2685-038 Lisboa - Portugal
• 2.3 Timezone: Portugal/WEST (GMT+0, GMT+1 during summer time)
• 2.4 Telephone Number: (+351) 210 011 210 (24/7)
• 2.5 Fax number: Not available.
• 2.6 Other Telecommunication: Not available.
• 2.7 Electronic Mail Address: To report an incident please use the following e-mail address: soc@ren.pt
• 2.8 Public Keys and Encryption Information: 92A9 185F 8FC3 613A PGP Fingerprint: D8BB B139 AA27 911E 2B65 6060 92A9 185F 8FC3 613A. The X.509 certificate is available at: https://www.ren.pt/media/eixptxcm/ren-soc_x509.pem
• 2.9 Team Members: The list of the team members is not publicly available.
• 2.10 Other Information: Not available.
• 2.11 Contact Means: REN’s contact means are stated in the following sections: 2.2 e 2.4 a 2.7.

3. Charter

• 3.1 Mission: REN Security Operations Center's mission is to ensure an Information Security Incident Response service and to promote a cybersecurity culture among REN employees and business processes.
• 3.2 Constituency: The constituency of SOC REN is composed of any information and communication technologies that support REN's business processes and services, including the following information assets:

a) Autonomous System Number: AS207112 - 185.165.104.0/22
b) Domains: ren.pt; rengasodutos.pt; rentelecom.pt; renatlantico.pt; rdnester.com; renarmazenagem.pt; portgas.pt

• 3.3 Sponsorship and/or Affiliation: SOC REN is an operative service within the Information Systems Department.
• 3.4 Authority: SOC REN is an operative service within the Information Systems Department and its mission is formalized in an internal Service Order.

4. Policies

• 4.1 Types of Incidents and Level of Support: SOC REN responds to all categories of cybersecurity incidents, and the given support level varies depending on the category, severity and scope of ongoing incidents and the resources available for their treatment.
• 4.2 Co-operation, Interaction and Disclosure of Information: REN's Privacy and Data Protection Policy states that sensitive information can be passed on to third parties, only if necessary and with the express authorization of the individual or entity to whom that information relates.
• 4.3 Communication and Authentication: SOC REN considers that telephone and unencrypted electronic mail are considered sufficient for transmission of non-sensitive information. For the transmission of sensitive information, the use of a PGP cipher or digital certificate is mandatory.

5. Services

SOC REN supports the technical and organizational aspects of security incidents.

• 5.1 Real-Time Security Event Monitoring: Collection, filtering and correlation of logs from different sources to identify potential security incidents.
• 5.2 Event Screening: Validation of whether a detected or reported event is a security incident and if it falls within the scope of the incident response team.
• 5.3 Coordination and Resolution:

- - - Classification level determination.
- - - Prioritization of incidents based on classification.
- - - Collection and registration of additional context information.
- - - Development of recommendations for incident response and mitigation.
- - - Advising local teams on appropriate actions to take.
- - - Identification of lessons learned.
- - - Sharing of information with other CSIRTs and cooperation networks.

• 5.4 Proactive Activities:

- - - Monitoring of infrastructure, applications and systems from the perspective of cybersecurity vulnerabilities and weaknesses.
- - -Impact assessment of changes and configurations.
- - - Threat Intel.
- - - Threat hunting.
- - - Communication, awareness and training activities.
- - - Participation in incident/crisis management exercises at national level.

6. Disclaimers

Although every precaution is taken in the preparation of the information disclosed either on the Internet portal or through the distribution lists, SOC REN assumes no responsibility for errors or omissions, or for damages resulting from the use of this information.

-----BEGIN PGP SIGNATURE-----

x+hQBhFcfq4LwkpPV2cZl92B7BpX7cuRdF3Zi+iNOa1CJ4qM2U3Ze1qpBtmaj85I
1VY6TpvOR6pbwxxqVv05L5a0oufR1EkT2FVJkMsWyTfEMKF3vKB5OlVd6BVKwstD
fksq4CzRIk+58QuAFuexkUwYmcnv2EJwW58FnT5z7XULNIV7CW7yf86GXp6xSypp
1SwOnf5bs4eFjeMFbmaiCA5GvinPej0IcbirYKc1yRzZf7h7eplYLirX+ahp68dR
xGq34HFbjcEv/5m32Q045sU3KY1EpoIVf0VA56AS4rn5XygcWIrkt/vpF2Ab7Ngu
XyWeydCZERwYt/udwbBnm8qS+mN4qm0vh69AEbhLOmJK1u5O8+4JTRJK4Ho1hvgg
39UXui5njjDGncliiwtx9lJ2uC23XmnJl/gC2auicb9J3NQi4EEC15QlWO29hOBG
O1yIE1Hm5lfiyvudOXTxwtAK5tneqQFEvRN2pszw419hZBxe5FHlg/Za2bcu7rJj
vM21J9b6GQ5trHK7aQNAjWgb1KJeojEEq67v4kTnvoq8t6vmgQL7OQAUR2TwfCe6
mt1B05onFQo8wLVM4jDru7MSPbihhgHD6HgSVZaQKTmHdB9iSjtC9sCncQARAQAB
tBRTT0MgUkVOIDxzb2NAcmVuLnB0PokCcwQTAQgAXRYhBM8aywJhuKa7rUeC19GZ
y8oNe2HDBQJpqFyGGxSAAAAAAAQADm1hbnUyLDIuNSsxLjExLDIsMQIbAwUJBaSu
OgULCQgHAgIiAgYVCgkICwIEFgIDAQIeBwIXgAAKCRDRmcvKDXthw3SfD/9B3tID
XdiT5R7WpAL9dCXPw40v6FPsfsZw6n4e6f1a52iFzE5cWbezbrCTAsQTJWGcq3Q4
062Cd1y+AUQmsWBE4ZkCaLXVKVgFHL7Iw1uMN2ZdNGWfr3mPk9uwzrvdMOvkmMHY
9+Fm9LGGnwjgq+FMEvEQ/Q7TPhVyzbc0mkl7UkCW/K5VZe9nBCQATqcQIBUccWaP
w9OQnE84vgvxsu5AtoEEC68+KvTCVXicNjIzKiqAefENOxtNXOkwezswhDF110vc
6cvy073m72wV08mHIfQaknw2eLqyDBGnh/StEPucjviCtTy/nwgFMjhhEkwI7IiR
UFYHsY9Jeliye9L9qhZ4MnBH7hRZP1pxsoxXgvl+kXVw44m8FbgZ5e0oNu0YAaE7
82KZcsw2UCMXr2fx56u89gMA6MH0eUvCx37yRblQP7CMr42dv/i6n/q0A+so9ZYT
eGH7jbTd7vdWcuS79GmFg1QPNAdQsQlqw4wgr7U9lyTiwP6saTpja7nRgUKuhek1
5bznSp4424NIzSORMAF7pvqPz9yJZ4NIkjgDJP01rVvp19WEcQUWlByoQ2lUEqH6
utvztHK3k9K1WRgJjR/thBUvGo/Thu1PboQ+e2FrsQ/jQACv9frpKG5CBApY5YWx
+wAV4S0z7BlfWHZw8e3xDwoBAx3fwr70fbHoIrkCDQRpqFyGARAAtFmIKilQKGDj
sLPay68fnOPLbdLsM5qlOYUN0QD4bv09kCEjbCwuxfPGdIjyrDd1wYjphD+wEn9y
6kHOPVKQVea1f0l2oXB60wYx/09XcvlOs9g5+9hz+mWC7YZh/sNDZIFqfUqtd1bc
X98Q6UbP1k/vuToiQOPTR38joICZqQebCHPRoJYn92HPI++dlpJTVgFPLXkM1vWu
o7bf1/9n4l+G1C4tEeNyGGTwUjdKLYolGEncTkkUmkTuDxzowepiekHfsiV6V6/a
8fNE/YQnP5Ce0Lf/w7KV65bxdR3AzpbK3Q6maRZZMJEI3VosQPawaB7yXojHOUBd
dZo0Bjm34mWynmZAfsDMSMu7g+4nLCr310jVa2j0AALp9gLugvAPXPEoX0yVgCXE
ala7buKQdPTXTF0xQL3Cueb70ATLWabX982KPSvSknEi+KiHARWYAoVtTOaCczbK
kAYdlrD36wPvzyquu8FDTaQTaAWHgWnm0q2bwIYbTY/VaI7Gw6zhHBsekEzSiv9E
TuXF/cU9Q1xM8KMxcIyORrRD7jCZex5KGQNNn0w0hF8O8yRz6uOtNaI9om3qjSdV
0vAnsEV6C3tQV5UaYh0FypzNsYPOyaSPbdDry5ezYJ65uJ6gq6D69EZff147jJ8p
e/nYoNDcBy5XE47Paejue1x4xFjkr68AEQEAAYkCWAQYAQgAQhYhBM8aywJhuKa7
rUeC19GZy8oNe2HDBQJpqFyGGxSAAAAAAAQADm1hbnUyLDIuNSsxLjExLDIsMQIb
DAUJBaSuOgAKCRDRmcvKDXthw1H1D/0Y9J7+N8S7sQDfJurmLA6ThKHv6NtAAHp+
zB89bJDaW170pT/zxnajAo2Yl1ghK6OU1KRPmTBWk2mRUAlyIXXN/2RBZm8bZcE/
0o+QMvYWynHT1Kr8pMXSO46+J5cKwnqKQMRglfmpY554svdPtKkBa3c8IgOpcVlu
SHw5RkAcvR4vb9ffkr82PXdtyI7FuHkkDK+vUydRTziQt2vVgMDzYBAD0b6g4O37
4/zLVIy11jhckon4qbF6RTc3lgLfEpNrugM7lYZN5hAPVXt1fi4/TvFhapEFHWwg
SJCNlwbQ4+bnMAIDcgBjUUcFvsa0DP2btuRJljYjrdI7I5ubXsQphIIBr4JTQZHZ
7y/yMpWzINc+12d27bopsZpoO6I6rvIn8/+8V86kMeODFgAaHrUYP7EtH6I4npri
SUGON9PpzQ2SCQJIgqCocHdW75+lA2gKAmIaApONRs3FNzb5FP+qb7AgebilBTyt
bIIIP66J4GqnU/+kcJuCa3hCMRjQHwMwYjZusNv17EsFtW6RQinlVYq2kGqjZV6R
R25kaXBpT8Se7DBWy3zdR1cZKNyTOL89YSl9t6DenQRd732l669YLSg3HBut1Rst
elQ55mkzktChnnbDp7p7w6RLBOkS0Ga/3IhfGbxXBPZwDaFZGquC/jHUC7ynDFp8
a82Y5EFgFw==
=ue5g

-----END PGP SIGNATURE-----