The establishment of the Swedish IT Incident Centre, SITIC - PTS-ER-2004:44 - December 2004
29/12/2004
On May 30th 2002, the National Post and Telecom Agency (PTS) received the government assignment “Assignment to the National Post and Telecom Agency regarding reporting of IT incidents”. PTS has carried out the assignment by establishing the Swedish IT Incident Centre, SITIC, with government agencies, regions, municipalities and private companies as its constituency. This report gives an account of the establishment of the organisation.
In two years, PTS has set up in SITIC a complete, functioning and internationally established CERT (Computer Emergency Response Team). The establishment was carried out step by step during 2003 and 2004. All four parts of the government assignment are in operation, i.e. handling of incident reports, communication regarding threats and risks, preventive activities and statistics. Public deliverables so far include documents offering preventive advice and quarterly statistics, as well as approximately 250 Security Advisories and 30 Security Alerts, in which SITIC has provided advance warning regarding issues such as the software vulnerabilities exploited by the worms Blaster and Sasser.
SITIC delivers neutral, non-commercial information, built on proprietary data and in-house capabilities regarding information acquisition, traffic monitoring, analysis and filtering. Information about product vulnerabilities has played a prominent part in the activities. The establishment phase has seen increasing utilisation of the SITIC web site and a good subscriber take-up for the Security Alerts.
The reporting of incidents is of interest for statistical purposes but has limited value for SITIC’s ability to produce knowledge, warning information and trend information. In that context, the information acquisition process stands out as vital, as does an instrumental relationship with cooperating organisations. The reporting of incidents has been hampered by the secrecy legislation in place until July 1st 2004 when the law was modified, but also by a low willingness to report.
SITIC is a natural component within PTS’ area of responsibility concerning electronic communication and constitutes a very substantial requirement for PTS in its work with security in electronic communications. SITIC’s organisational affiliation within PTS provides good conditions for functioning effectively.
Vulnerabilities in widely deployed software seem to be increasingly exploited for Internet-based criminal activities. From a societal perspective, increasing Internet-based crime has the potential to undermine confidence in the Internet as a platform for business and banking activities. Hence, a case can be made for strengthening the triangle SITIC – Internet service providers – police, in line with emerging international requirements.