
Computer Emergency Response Team

The Computer Emergency Response Team (CERT) was formed in 1988 at Carnegie Mellon University's Software Engineering Institute in Pittsburgh, Pennsylvania. CERT issues warnings to governmental agencies and the public at large about viruses and security threats. CERT receives funding from the Department of Defense's Defense Advanced Research Projects Agency (DARPA). In 2001, the CERT Coordination Center (CERT/CC) formed an alliance with the private sector as it merged with the Internet Security Alliance (ISA), a group devoted to the improvement of Internet security.

CERT was formed as a response to the Internet Worm incident. In 1988, a Cornell University computer science graduate student named Robert Tappan Morris wrote an experimental program known as a worm; a worm spreads autonomously from one computer to another along a network. Morris released it onto the Internet, and approximately 10 percent of all computers connected to the Internet crashed as a result. According to Richard Power, author of Tangled Web (2000), more than 60,000 computers were shut down because of the Morris worm. This incident caused enough concern to prompt the creation of a military-funded agency devoted to protecting Internet and computer systems and to providing 24-hour monitoring, analysis, and response.

The mission of CERT is to manage, control, monitor, and protect the functioning of the Global Information Grid (GIG). CERT has several specialized branches: ACERT (Army CERT), AFCERT (Air Force CERT), NAVCERT (Navy CERT), and DODCERT (Department of Defense CERT). CERT/CC is a research facility that studies Internet security vulnerabilities, publishes security alerts, and provides training to other agencies. The tasks of CERT/CC can be divided into four main categories: studies of vulnerabilities, indexes, and fixes; security practices and evaluations; survivability research and analysis; and training and education.

Visitors to the CERT/CC Web site can report security incidents such as attempts to enter a system without permission, denial-of-service attacks, data storage on remote systems without permission, and changes made to hardware without permission. Incident reports can be submitted to CERT by phone, fax, or email. CERT recommends that all email sent to CERT be encrypted, preferably with the public key encryption tool PGP (Pretty Good Privacy), which can be found at http://www.pgp.com.

CERT has also created a number of CSIRTs (Computer Security Incident Response Teams) that are responsible for reporting security breaches on the Internet. CERT/CC Incident Handling Courses provide a curriculum for the CSIRTs. Other governmental agencies are also responsible for reporting security violations. FedCIRC (Federal Computer Incident Response Center) provides an information infrastructure that centralizes security responses from the Department of Defense, law enforcement and intelligence agencies, and academic institutions.

CERT publicizes its security practices and evaluations capabilities in the CERT Guide to System and Network Security Practices. CERT security practices consist of five steps. First, CERT advises that secure systems be established by having secure connections. Next, the systems must be prepared for intrusions by practicing detection and response. Third, CERT advises that intrusions must be detected quickly. Fourth, responses should be tailored so as to minimize damage to the system. Finally, security should be improved in order to defend against future attacks.

...
