Critical infrastructure protection
Ongoing monitoring of software vulnerabilities, collection of risk-related information, monitoring of compliance with security policies, and computer security incident handling are among the most important factors affecting the security of a country's critical infrastructure.
What is critical infrastructure?
A country's critical infrastructure means the resources that are essential for the functioning of its society and economy. It includes ICT systems which support power generation and distribution, transportation, telecommunications, health care, national security, and public administration.
The complexity of software and ICT systems has increased enormously over the last decade. Similarly, the risk that software vulnerabilities will be disclosed and used to seize control over a system has increased and is still increasing.
Armed conflicts and terrorist activities increasingly involve attacks on ICT systems. Therefore, the protection of critical infrastructure is one of the priorities of public administration, and the correct functioning and credibility of these systems are essential to ensure national security.
Since 2012, Atende Software has been developing the ICT Security System for Critical Infrastructure, which is designed for public administration and critical infrastructure protection. We also provide services related to penetration testing and training. Our employees actively seek vulnerabilities in widely used software.
Our software is tailored to the needs of public administration, as we rely on legal regulations on the protection of classified information and the National Critical Infrastructure Protection Programme. We work with CERT/CSIRT teams and participate in the NASK N6 program and the OVAL consortium.
Compliance with standards
Our software is compliant with the SCAP (Security Content Automation Protocol) standards. SCAP is a set of specifications that provide a standard format and nomenclature to be used by security software for communicating information on security policies, vulnerabilities, and ICT system configuration.
SCAP and RFC standards
OVAL (Open Vulnerability and Assessment Language)
This standard specifies the data format used to describe software vulnerabilities and bugs, tests to check their occurrence, prevention methods, and reporting.
XCCDF (Extensible Configuration Checklist Description Format)
This standard specifies how to write system requirements (e.g. regarding security policies) and how to report compliance assessment results.
OCIL (Open Checklist Interactive Language)
This standard describes checklists which are used to manually verify security levels, based on an interview with the administrator.
IODEF (Incident Object Description Exchange Format)
This standard allows CERT and CSIRT teams to exchange information about computer incidents.
CVSS (Common Vulnerability Scoring System)
This standard defines the rules for the scoring system which is used to assess the severity of threats resulting from hardware and software vulnerabilities.
CVE (Common Vulnerabilities and Exposures)
A dictionary of software vulnerability identifiers associated with the use of specific software flaws.
CCE (Common Configuration Enumeration)
A dictionary of configuration variables that affect system security.
CPE (Common Platform Enumeration)
A dictionary of hardware and software platform identifiers.