CIRAS Platform Users Manual (Version 1.0) · CIRAS Platform Users Manual Severity of threat: The...

CIRAS Platform Users Manual

CIRAS Platform Users Manual (Version 1.0)

Published: January 2021


Contents

1 Introduction ....................................................................................................................... 3

2 Login ................................................................................................................................... 4

3 CIRAS platform – Landing page ....................................................................................... 6

4 CHOOSE BREACH REPORTING PROCESS ........................................................................ 7

Create and view incident report ................................................................................................................. 7

Create and view quarterly updates ........................................................................................................ 11

Create and view annual summary report ............................................................................................. 13

Cross border sharing ................................................................................................................................... 15

Cross border messages ............................................................................................................................... 18

Country profile ............................................................................................................................................... 21

EU contact list ................................................................................................................................................. 22

Incident search ............................................................................................................................................... 23

EU dashboard ................................................................................................................................................. 24

5 CIRAS VISUAL TOOL ........................................................................................................ 25

6 CIRAS SUPERVISION MAP .............................................................................................. 26


1 Introduction

The aim of this document is to guide the users through the various functionalities of the CIRAS

platform.


2 Login

Access the CIRAS platform by using one of the following ways:

i. Enter the url of the tool in your browser directly: https://resilience.enisa.europa.eu/ciras/

https://resilience.enisa.europa.eu/ciras/


ii. Login to the ENISA Resilience Portal and then access the CIRAS tool


3 CIRAS platform – Landing page

After you successful login you will have access to the landing page of CIRAS platform.

From there you will able to see the following areas:

CHOOSE BREACH REPORTING PROCESS: In this area you can choose the breach

reporting process, report and share your incidents and submit the annual report.

CIRAS VISUAL TOOL: In this section you will find the link to the visual tool which gives

you access to 8 years of telecom security incidents, and 4 years of trust services incident

reports: a total of 1100 cybersecurity incidents. The tool allows for custom analysis of

trends and patterns.

CIRAS SUPERVISION MAP: In this area you will find a tool which facilitates the

gathering of the technical supervision details per sector, per country.


4 CHOOSE BREACH REPORTING PROCESS

Select your breach reporting process and you will be redirected to your country home page

where you can see past incidents (grouped by year).

Create and view incident report

To create a new incident report click on “Report incident” [red button].


From there you will be redirected to the New Incident Report page. On the New Incident Report

submission form, you are asked to fill in the following fields:

Select type of incident: You are asked to provide information about the type of the incident.

Different parts of the template will be activated depending on the type.

1. Impact of the incident: You are asked to provide information about the affected services

[sectors in case of NISD reporting process] by indicating one or more services [sectors] impacted.

Depending on the incident’s type you may be asked to indicate the number of affected users

and/or the duration of the incident.

2. Nature of the incident: You are asked to indicate the category of the root cause of the incident.

3. Details about this incident: You are asked to provide further information about the incident.

Summary: You are asked to provide a description of the incident. CAs may also describe

incident response actions, i.e. actions taken to mitigate the impact of the incident, and

lessons learned from the incidents or measures, which will be implemented on the long-

term, by the CA.

[Visible to EECC Article 40 and eIDAS Article19 reporting] - Service technology or

subservice: You are asked to provide further information about the technology [in case of

EECC Article 40] or the subservice [in case of eIDAS Article19] that was affected.

[Visible to NISD reporting] - Essential service affected: - You are asked to provide

information about the essential service that has been affected by the incident. If there is

no essential service affected you can provide “None” as input.

Detailed causes: In this field you should provide information about the initial cause of the

incident, i.e. the event or factor that triggered the incident in combination with any other

detailed causes that subsequently played a role in the incident.

Technical assets affected: In this field you should indicate the assets which were first

affected by the incident.

Significance factors: This field contains factors that CAs may want to take into

consideration when assessing the scale of impact.

Scale of impact1: In this field you are asked to indicate the incident’s scale of impact.

Threat severity factors: This field contains factors that CAs may want to take into

consideration when assessing the severity of the threat.

1 Note that for EECC Article 40 reporting procedure, the system suggests the scale of impact of the incident based

on the input provided in the following fields: duration | number of users | significance factors. CAs can indicate a

different value than the suggested one.


Severity of threat: The severity of the threat is used to indicate, from a technical

perspective, the potential impact, the risk associated with the threat.

After you have submitted all the fields, you can click on:

a. “Save and close” to save your report and go back to your country’s home page

b. “Save and keep editing” to save your draft report and continue editing it in the future

c. “Save and next” to save the current report and automatically open a form to create a new

one

d. “Share crossborder” to save your report and share it crossborder with other MSs

e. “Cancel” to cancel your report and go back to your country’s home page

Once you have submitted an incident report you can view it by clicking on the incident card frame

in your country’s home page.

You will be redirected to the Incident Report View page where all the data related to your incident

are available.


This page also allows for NCAs to post comments [either as a free text input or as attachment]

regarding the current incident report.

The page also allows you to share your current incident cross border with other MSs. Please see

below the section “Cross border sharing” for more information about the incident sharing.


Create and view quarterly updates

This functionality applies to EECC Article 40 and eIDAS Article 19 reporting processes. The

“quarterly updates” functionality facilitates the collection and sharing of supervision state-of-

play updates from authorities across EU, including summary information about regular

supervision activities, supervision updates (similar to the information exchange during regular

round tables in meetings) and updates about specific questions and issues.

To create a quarterly update click on circle button inside the light blue frame in your country’s

home page.

Then you will be asked to provide your input on the following questions:

1. General picture, notified incidents

2. Noteworthy incidents, issues to share

3. Recent developments in your sector nationally, initiatives, policy, legislation

Next, click on “Submit quarterly report” to submit your quarterly update. That’s it! Your quarterly

update has been submitted. You and ENISA will receive an email regarding the submission.


Upon submission a checkmark appears indicating that you have submitted your quarterly

update. By clicking on it you can view/edit/delete your update.


Create and view annual summary report

When all incident reports are in the tool, click on the dark blue button “Annual summary report”.

Now select all the incidents you want to include in the annual summary report, one by one, and

then click on “Next” inside the dark blue button. Note that if you have no incidents to include in

your annual report you just click “Next”. This will create a so-called empty annual report.


In the next page, fill in your general conclusions and observations about the year and click on

“Submit annual report”.


That’s it! Your annual report has been submitted. You and ENISA will receive an email

regarding the submission.

Note that you can access/download/edit/unsubmit your just submitted annual summary report

by clicking on the timestamp that will appear on the right side of the year’s tab

Cross border sharing

Cross-border reporting gives to NCAs the opportunity to share among NCAs of other countries

incident reports. This mechanism allows the NCAs to notify other NCAs from other countries

about incidents/vulnerabilities/threats.

You can share your incident cross border with one of the following ways:

You can share it the moment you create the report: In this case you will share your

incident cross border by clicking on “Share crossborder” at the bottom of the New Incident

Report page.


Then, you will be redirected to the cross border section [at the bottom of the Incident Report

View page] where you will be asked to provide further information.

The article(s) and country(ies) with whom you want to share your incident and

the message you want to send.


After you have shared your incident report, the cross border conversation thread will appear at

the bottom of the page. You will receive an email notification every time users submit a new

message. Important notes:

To include additional countries in the cross border discussion you can click on the +

button and proceed with the countries’ selection.

To indicate that the cross border discussion is closed you can choose the option

“Resolved” in the discussion state field. By default the discussion state is “Active”.

To disable email notifications for this discussion you can click to the relevant button.

You can share your report cross border at a later moment in time: In this case you need

to access the Incident Report View page and scroll to the bottom of the page to find the

cross border section. Then, you will be asked to provide the following information.

The article(s) and country(ies) with whom you want to share your incident and

the message you want to send.


After you have shared your incident report, the cross border conversation thread will appear

at the bottom of the page.

Cross border messages

In this page you can have an overview of the incident reports that have been shared with you.

You can access this page by clicking on “Cross border messages” in the blue navigation bar.

As shown in the image above, you can have an overview of the incidents that have been shared

with you. You have quick access to the following information

Incident ID,

Incident description,

Discussion state (active/yellow, resolved/green) and

Timestamp indicating the date that the discussion started

At the bottom of the tab there is the incident’s link to access the incident data and the cross

border conversation thread.


Note that in case there are new messages in any of the cross border discussions you are part of,

then a red flag icon will appear in the navigation bar as well as in the Cross border messages

page next to the incident ID.

The red flag icon, if exists, indicates that an action is required for this incident. The action could

be either dismiss or reply. As long as no action is taken the red flag icon will keep appearing.


By clicking either “Dismiss” or “Reply” buttons you indicate to the other members that you have

seen the message. The only difference is that with the “Dismiss” you do not reply whilst with the

“Reply” you can post a comment.

See below a screenshot that demonstrates the conversation thread. [with some explanatory

comments]


Country profile

You can access your country profile page by clicking on “Country profile” in the blue navigation

bar.

After you navigate to the page, you will be able to view and edit your country’s information

[organization details, contact points, supervision details]


Note that this information updates your country’s profile attributes to the CIRAS Supervision

map as well as the “EU contact list” page.

EU contact list

The global menu of NCAs contact list allows the NCAs to easily access all the necessary

information in order to contact with the CAs from other EU countries. The list of the EU

countries shows in alphabetical order in the webpage. You can access the list by clicking “EU

contact list” in the blue navigation bar.


Incident search

The search page can be accessed through the blue navigation bar from any page by clicking on

“Incident search”. This page presents various filters:


EU dashboard

The EU dashboard page can be accessed through the blue navigation bar from any page by

clicking on “EU dashboard”.

In this page you can see the following tabs:

“Annual report: EU status” tab – it provides an overview of the annual report submission

status over the years of reporting.

[Visible to EECC Article 40 and eIDAS Article 19]: “Quarterly report: EU status” - it provides an

overview of the quarterly updates. (grouped by quarters). You can export the data by

clicking on “Export all”.

“Supervision topic: EU status” – you can submit a new topic regarding any supervision issue

or navigate to supervision topics already submitted by other members.


5 CIRAS VISUAL TOOL

The online visual tool, accessible to the public, gives access to 8 years of telecom security

incidents, and 4 years of trust services incident reports: a total of 1100 cybersecurity incidents.

The tool allows for custom analysis of multiannual trends and patterns.


6 CIRAS SUPERVISION MAP

The tool facilitates the gathering of the technical supervision details per sector, per country. The

tool gives access to information regarding:

the competent authorities with details about their competences in the sector

the services in scope, estimate number of companies in scope

the incident reporting thresholds

the type of security requirements in place

Date post:	23-Apr-2021
Category:	Documents
Upload:	others
View:	3 times
Download:	0 times

CIRAS Platform Users Manual (Version 1.0) · CIRAS Platform Users Manual Severity of threat: The...

Documents