RFC2350

About this document

This document covers the contact and organizational information of the
CERT-Water Management (CERT-WM) in accordance with IETF RFC2350: https://www.ietf.org/rfc/rfc2350.txt

Date of Last Update

The latest update is from June 20, 2026.

Publication

The most current version can always be found at the website of the CERT-WM: https://www.cert-wm.nl. Any questions regarding the content of this document can be sent to mailto:info@cert-wm.nl.

Contact Information

Name of the Team

Cyber Emergency Response Team voor Water Management (CERT-WM).

Addresses

Time zone

Europe/Amsterdam

UTC+1 | CET between the last Sunday in October and the last Sunday in March (winter).

UTC+2 | CEST | DST between the last Sunday in March and the last Sunday in October (summer).

Telephone

+31 85 064 04 34

Public Keys and Encryption Information

The CERT-WM uses PGP for signing and en/decrypting information.

Our current public PGP/GPG key is: 6FFA 83C9 F6B4 2D9D 2C32  A588 578D 9EA6 7174 2AF8

Team Members

In accordance with national law, the CERT-WM does not publicly publish the names of individual team members. Team members will identify themselves to the reporting party with their full name during official communication regarding an incident.

Other Information

General information about the CERT-WM (in Dutch) can be found at:

https://www.cert-wm.nl

Charter

The constituency of CERT-WM consists of Dutch water authorities and organizations that primarily support water management activities, such as hydrological laboratories and wastewater treatment services (excluding drinking water). 

Mission Statement

The primary mission of CERT-WM is to strengthen the information security, cybersecurity, and resilience of its constituents by:

• providing proactive advice on security improvements;
• detecting and analyzing anomalies and emerging threats;
• coordinating and supporting the management of (potential) cyber incidents that may exceed the capabilities of individual constituents;
• delivering tailored advisories on vulnerabilities, threats, and remediation measures.

Constituency

The constituency of the CERT-WM consists of organizations in the Netherlands involved in national water management (excluding potable-water) and wastewater treatment like water boards.

Sponsorship and Affiliation

Funded by Het Waterschapshuis and sponsored by Rijkswaterstaat, the CERT-WM operates as a co-operation of the Security Operations Centre (SOC) of Rijkswaterstaat and Het Waterschapshuis.

Authority

The authority of the CERT-WM is restricted to advising and assisting its constituents by coordinating the response to cyber-related incidents.

Policies

Types of Incidents and Level of Support

The CERT-WM is restricted to handling only cyber-related types of security incidents. The CERT-WM advises or informs constituents. More information is available in the CERT-WM charter.

Co-operation, Interaction and Disclosure of Information

While appropriate measures are taken to protect the identity of constituents and members of neighbouring sites where necessary, the CERT-WM will -if possible- share information freely to assist others in resolving or preventing security incidents.

Communication and Authentication

Regarding the classification of information that the CERT-WM is likely to be dealing with, telephones will be considered sufficiently secure to be used unencrypted. Unencrypted e-mail is considered secure and will be sufficient for the transmission of non-sensitive data. If it is necessary to send sensitive data by e-mail, encrypted attachments and PGP will be used. Secure IM-communications will be conducted using Cyware. The main communication method between CERT-WM and her constituents is the secure collaboration platform.

Services

Incident response

The CERT-WM will provide assistance or advice with respect to the following aspects of incident management:

Incident Triage/Taxonomy

• Investigate whether indeed an incident occurred.
• Determinate the extent of the incident.

Incident Coordination 

The CERT-WM can contact stakeholders, constituents and other CERTs if the information obtained is considered of interest to those.

Proactive Activities

The CERT-WM coordinates and maintains the following services to the extent possible within its resources:

• List of security contacts per constituent, administrative, organizational and technical.
• List of used computer systems (software, hardware and services) per constituent to provide: 
  • tailored and early warnings of vulnerabilities;
  • tailored and early reporting on patches or updates.
• Coordination of RD/CVD  reports.
• Monitoring of web systems used by constituents.

*For a up-to-date and complete list of services please check the "Services" (NL: Diensten) part of the CERT-WM public website.

Disclaimers

While every precaution will be taken in the preparation of information, notifications and alerts, the CERT-WM assumes no responsibility for errors or omissions, or for damages resulting from the use of the information contained within.

The CERT-WM advises constituents and has no authority to order operational activities. Final responsibility therefore remains with the constituents.