CSIRT-ED
Our mission:
to ensure the cyber resilience of the Institute’s academic space and to forge top-tier professionals by integrating cyber incident response experience into the educational process.
CERT-UA Recommendations
CSIRT-ED Services
Security Information and Event Management
- System monitoring using an automated Security Information and Event Management (SIEM) system.
- Detection of anomalous and non-standard system behavior using an automated SIEM system, as well as Intrusion Detection and Prevention Systems (IDS/IPS).
- Event analysis and incident response.
Cybersecurity Incident Management
- Receiving cyber incident reports from the constituent community.
- Cyber incident analysis.
- Analysis of artifacts and digital forensics data.
- Mitigation of adverse impacts and restoration of sustainable system operations.
- Incident coordination.
Vulnerability Management
- Vulnerability identification and analysis.
- Analysis of CVE reports and provision of recommendations to mitigate the exploitation of vulnerabilities during cyberattacks.
- Vulnerability coordination and information sharing with cybersecurity entities.
Situational Awareness
- Collection and analysis of cyber threat data using network decoys (honeypots).
- Monitoring of diverse sources reporting on cyber incidents.
- Open-source intelligence (OSINT) monitoring regarding potential cyber threats, planned information operations and sensitive data leaks; maintaining and updating a database of cybersecurity-related information resources.
- Analysis and dissemination of collected information.
- Communication with the constituent community to prevent recurring attacks.
Knowledge Transfer
- Raising awareness within the constituent community by disseminating information on cyber incidents.
- Professional development of the team through participation in cybersecurity events (courses, scientific and technical conferences, CTF competitions, hackathons, etc.) and practicing skills on cyber ranges.
- Development, implementation and testing of scenarios for the cyber range of the Institute’s Training Cyber Operations Center.
- Collection and categorisation of handled cyber incidents within the MISP (Malware Information Sharing Platform).
- Organising practical training tasks for higher education students as part of the team's operational activities.
Mandate under RFC 2350
The mandate and core operational information of CSIRT-ED are defined in accordance with the recommendations of RFC 2350 (Expectations for Computer Security Incident Response). RFC 2350 specifies the format and content of the information that Computer Security Incident Response Teams publish to ensure transparency of their activities and effective interaction with the community.
CSIRT-ED ANNUAL REPORT 2025
In 2025, CSIRT-ED provided continuous monitoring and cyber threat response across the Institute's educational infrastructure, effectively combining operational activities with hands-on training for cybersecurity specialists.
Key results:
- Processed over 1,700 cybersecurity events, focusing on attack detection and vulnerability exploitation attempts.
- Deployed and enhanced a unified cyber defense perimeter (SIEM, IDS/IPS, honeypots).
- Engaged 48 students through hands-on participation in CSIRT-ED activities.
- Developed and implemented proprietary analytical and educational tools for proactive cyber defense.
- Established a foundation for coordination and information sharing with national cybersecurity stakeholders.
A detailed analysis of events, trends and recommendations is provided in the full CSIRT-ED Annual Report 2025.
Contact Us
CSIRT-ED does not provide a public incident reporting form. Any member of the Institute's constituent community may submit information regarding security incidents, threats or related data by completing the provided template and sending it via email (encrypted communication is supported) to: csirt-ed@iscip.kpi.ua. To report a cyber incident or a cyberattack, please use the standard incident reporting form.
Download Incident Reporting Form
- Email: csirt-ed@iscip.kpi.ua
- PGP ID: 0x020B111A10D47172
- Fingerprint: D634 2BB3 D2D2 8656 073E 3DFE 020B 111A 10D4 7172
- Public PGP Key: CSIRT-ED csirt-ed.asc