About this information

This page covers the contact and organizational information of the CERT-Water Management (CERT-WM) in accordance with IETF RFC2350: https://www.ietf.org/rfc/rfc2350.txt

Date of Last Update

The latest update is from March 4, 2020. This change includes reformatting & restructuring the document.

Distribution List

Changes to this document are not distributed by a mailing list. Any specific questions or remarks please send to the CERT-WM e-mail address: cert@hetwaterschapshuis.nl.

Locations where this Document May Be Found

This document is not publicly available yet.

Authenticating this Document

No signature has been given yet.

Contact Information

Name of the Team

Cyber Emergency Response Team voor Water Management (CERT-WM).

Addresses Mailing address

Het Waterschapshuis CERT-WM
PO Box 2180
3800 CD Amersfoort The Netherlands

Office address

Rijkswaterstaat Security Centre Derde Werelddreef 1
2622 HA Delft
The Netherlands

Time zone

UTC+1 | CET between the last Sunday in October and the last Sunday in March (winter) UTC+2 | CEST | DST between the last Sunday in March and the last Sunday in October (summer)

Mobile Phone

+31 651256522


+31 887986400 (SOC Rijkswaterstaat)

Public Keys and Encryption Information

The CERT-WM uses PGP for signing and en/decrypting information. Relevant keys are available on public PGP/GPG key servers and at:

Team Members

In accordance with national law, the CERT-WM does not publicly publish the names of individual team members. Team members will identify themselves to the reporting party with their full name during official communication regarding an incident.

Other Information

General information about the CERT-WM (in Dutch) can be found here. 


The CERT-WM functions as the CERT for the entire water management sector in the Netherlands and it offers cyber security related services to its constituents.

Mission Statement

The primary mission of the CERT-WM is to actively improve the information and cyber security and resilience of its constituents by means of:

  • proactive advice on security improvements;
  • detection of anomalies;
  • managing (potential) cyber-related incidents that can overcome constituents; 
  • providingtailoredadvisoriesonvulnerabilitiesorpatches.


The constituency of the CERT-WM consists of organizations in the Netherlands involved in national water management (excluding potable-water) and wastewater treatment.

Sponsorship and Affiliation

Funded by Het Waterschapshuis and sponsored by Rijkswaterstaat, the CERT-WM operates in co-operation with the Security Operations Centre (SOC) of Rijkswaterstaat and Het Waterschapshuis.


The authority of the CERT-WM is restricted to advising and assisting its constituents by coordinating the response to cyber-related incidents.


Types of Incidents and Level of Support

The CERT-WM is restricted to handling only cyber-related types of security incidents. The level of support depends on the type of incident and is determined at intake by the CERT- WM. The CERT-WM is not capable of delivering capacity support.

Co-operation, Interaction and Disclosure of Information

While there are legal and ethical restrictions on the flow of information from the CERT- WM, the CERT-WM acknowledges its indebtedness to, and declares its intention to contributing to the spirit of cooperation that created the Internet. Therefore, while appropriate measures are taken to protect the identity of constituents and members of neighboring sites where necessary, the CERT-WM will, if possible, share information freely to assist others in resolving or preventing security incidents.

Communication and Authentication

Regarding the classification of information that the CERT-WM is likely to be dealing with, telephones will be considered sufficiently secure to be used unencrypted. Unencrypted e- mail is considered secure and will be sufficient for the transmission of non-sensitive data. If it is necessary to send highly sensitive data by e-mail or PGP, encrypted attachments will be used. Secure IM-communications will be solely conducted using Threema.


Incident response

The CERT-WM will assist system administrators in handling the technical and organizational aspects of incidents. In particular, it will provide assistance or advice with respect to the following aspects of incident management:

Incident Triage/Taxonomy

  • investigating whether indeed an incident occurred;
  • determining the extent of the incident.

Incident Coordination

The CERT-WM will assist in trying to determine the root cause of the incident as well as collecting evidence and data interpretation.
As stated above, the CERT-WM can contact stakeholders, constituents and other CERTs if the information obtained is considered of interest to those parties and if the content is correctly anonymized.

Incident Resolution

The CERT-WM will advise the constituent on:

  • removing or mitigating the vulnerabilities that caused the incident;
  • securing the systems from the effects caused by the incident.

In addition, the CERT-WM will collect statistics concerning incidents which occur within or involving the community, and will notify the community as necessary to assist in protecting against known attacks.

Proactive Activities

The CERT-WM coordinates and maintains the following services to the extent possible within its resources:

  • list of security contacts per constituent, administrative, organizational and technical;
  • list of used computer systems (software, hardware and services) per constituent to provide:
    • tailored and early warnings of vulnerabilities;
    • tailored and early reporting on patches or updates;
  • coordination of Responsible Disclosure reports;
  • monitoring of web systems used by constituents.

Incident Reporting Forms

There are no pre-defined forms used for reporting incidents to the CERT-WM.


While every precaution will be taken in the preparation of information, notifications and alerts, the CERT-WM assumes no responsibility for errors or omissions, or for damages resulting from the use of the information contained within.

The CERT-WM advises constituents and has no authority to order operational activity. Final responsibility therefore remains with the constituents.