Incident notification by telecom operators
Security incident involving no personal data breach
Telecom operators shall inform the BIPT of security incidents reaching one or more of the thresholds below:
- The incident has been lasting for at least 1 hour and is affecting at least 25,000 end-users;
- The incident has an impact on the network and is affecting access to emergency services via this network;
- The incident has an impact on the interconnections located in Belgium, thus affecting other operators in Belgium or abroad;
- The incident has an impact on a network component considered by the operator as critical for the operation of its networks and services.
Notification requirements:
- Operators submit without delay a brief notification over the nature and impact of the incident by e-mail or by telephone (points of contact of the duty office);
- And, within 5 workdays, they send a full notification via the form available on the unified notification platform.
For more information, see the Decision of 14 December 2017.
Security incident involving a personal data breach
The notification must be made on the website of the Belgian data protection authority, which then transfers the notification to the BIPT.
Notification of security incidents referred to in the NIS Act by the entities of the digital infrastructure sector
The digital infrastructure sector includes the following entities:
- Internet exchange points (IXPs);
- DNS service providers;
- Registers of top-level domain names.
The entities of the digital infrastructure sector designated by the BIPT as operators of essential services (OES) report their security incidents via the unified notification platform.
The entities operating in the digital infrastructure sector in Belgium which have not been designated by the BIPT as operators of essential services (OES) may report, on a voluntary basis, incidents with a significant impact on the continuity of the services they provide. They send their notifications to the CCB (Centre for Cybersecurity Belgium) in accordance with the procedures set out on the website of Cert.be (department of the CCB). The CCB will transfer this information regarding these notifications to the Crisis Centre of the government and the BIPT.
Telecom operators: handling of requests from the judicial authorities, the intelligence and security services and the emergency services providing on-site assistance
Telecom operators must establish a coordination cell to respond to information requests from judicial authorities and the intelligence and security services. This cell should be accessible 24/7. Each telecom operator must enter and update the contact details of its cell in the unified notification platform. Each member of this cell must have a positive security advice.
Telecom operators are requested to submit and update on the unified notification platform the contact details of their employees who are able to handle the requests made by emergency services providing on-site assistance. These requests may arise in case of difficult identification or localisation of the caller.
The BIPT duty service and the management of major incidents and crises
The BIPT handles security incidents via its duty team created within the Network Security Department, available 24/7.
The operators (telecom operators and operators of essential services within the meaning of the NIS Act) and the public authorities concerned may contact the duty service. They have received its contact details, which are also available on the unified notification platform.
The BIPT ensures that operators implement (preventive) measures to ensure, in the event of a crisis or major incident originating or not in the information networks and systems of these operators, the service continuity of the latter, continued access to emergency services and the continuity of the public warning system (see section “Access to emergency services and public warning system”). It also participates in the management of these crises and major incidents.
Questions?
If you have any questions (also in case of a problem of access to one of the websites above), please contact the Network Security Department at +32 (0)2 226 89 77 or by e-mail.
Documents
- Communication of 12 April 2023 on the platform SERIMA.be
- Communication of 5 July 2022 on the platform SERIMA.be
- Communication on the platform SERIMA.be
- Consultation on the communication project on the risk analyses
- Support document for the preparation of a security plan
- Decision of 14 December 2017 regarding the thresholds and terms and conditions for reporting of security incidents within the electronic communications sector
- Information Brochure about the Duty to Collaborate with the Judicial Authorities
- BIPT note for the attention of the operators regarding the Act of 1 September 2016 and the “prepaid cards” Royal Decree of 27 November 2016