The United States Computer Emergency Readiness Team (US-CERT) is an organization within the

Department of Homeland Security The United States Department of Homeland Security (DHS) is the U.S. federal executive department responsible for public security, roughly comparable to the interior or home ministries of other countries. Its stated missions involve anti-ter ...

’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA). Specifically, US-CERT is a branch of the Office of Cybersecurity and Communications' (CS&C)

National Cybersecurity and Communications Integration Center The National Cybersecurity and Communications Integration Center (NCCIC) is part of the Cybersecurity Division of the Cybersecurity and Infrastructure Security Agency, an agency of the U.S. Department of Homeland Security. It acts to coordinate var ...

(NCCIC). US-CERT is responsible for analyzing and reducing cyber threats, vulnerabilities, disseminating cyber threat warning information, and coordinating incident response activities. The division brings advanced network and digital media analysis expertise to bear on malicious activity targeting the networks within the United States and abroad.

Background

The concept of a national Computer Emergency Response Team (CERT) for the United States was proposed by Marcus Sachs (

Auburn University Auburn University (AU or Auburn) is a public land-grant research university in Auburn, Alabama. With more than 24,600 undergraduate students and a total enrollment of more than 30,000 with 1,330 faculty members, Auburn is the second largest ...

) when he was a staff member for the U.S. National Security Council in 2002 to be a peer organization with other national CERTs such as

AusCERT AusCERT, Founded in 1993, is a non-profit organisation that provides advice and solutions to cybersecurity threats and vulnerabilities. The organisation covers their costs through member subscriptions, attendees to the annual AusCERT conference ...

and CERT-UK, and to be located in the forthcoming

(DHS). At the time the United States did not have a national CERT.

Amit Yoran Amit Yoran is chairman and chief executive officer of Tenable, a position held since January 3, 2017. Previously, Yoran was president of computer and network security company RSA. Yoran joined RSA during his tenure as CEO of NetWitness Corp., w ...

( Tenable, Inc., CEO), DHS's first Director of the National Cyber Security Division, launched the United States Computer Emergency Readiness Team (US-CERT) in September 2003 to protect the

Internet The Internet (or internet) is the global system of interconnected computer networks that uses the Internet protocol suite (TCP/IP) to communicate between networks and devices. It is a '' network of networks'' that consists of private, p ...

infrastructure of the United States by coordinating defense against and responding to cyber-attacks. The first Director of the US-CERT was Jerry Dixon ( CrowdStrike, CISO); with the team initially staffed with cybersecurity experts that included Mike Witt (

NASA The National Aeronautics and Space Administration (NASA ) is an independent agency of the US federal government responsible for the civil space program, aeronautics research, and space research. NASA was established in 1958, succeedin ...

, CISO), Brent Wrisley (Punch Cyber, CEO), Mike Geide (Punch Cyber, CTO), Lee Rock (

Microsoft Microsoft Corporation is an American multinational technology corporation producing computer software, consumer electronics, personal computers, and related services headquartered at the Microsoft Redmond campus located in Redmond, Washi ...

, SSIRP Crisis Lead), Chris Sutton ( Export-Import Bank of the United States, CISO & CPO), Jay Brown ( USG, Senior Exec Cyber Operations), Mark Henderson (

IRS The Internal Revenue Service (IRS) is the revenue service for the United States federal government, which is responsible for collecting U.S. federal taxes and administering the Internal Revenue Code, the main body of the federal statutory tax ...

, Online Cyber Fraud), Josh Goldfarb (Security Consultant), Mike Jacobs (

Treasury A treasury is either *A government department related to finance and taxation, a finance ministry. *A place or location where treasure, such as currency or precious items are kept. These can be state or royal property, church treasure or i ...

, Director/Chief of Operations), Rafael Nunez (

DHS The United States Department of Homeland Security (DHS) is the U.S. federal executive department responsible for public security, roughly comparable to the interior or home ministries of other countries. Its stated missions involve anti-ter ...

/ CISA), Ron Dow (

General Dynamics General Dynamics Corporation (GD) is an American publicly traded, aerospace and defense corporation headquartered in Reston, Virginia. As of 2020, it was the fifth-largest defense contractor in the world by arms sales, and 5th largest in the Uni ...

, Senior Program Mgr), Sean McAllister (Network Defense Protection, Founder), Kevin Winter (

Deloitte Deloitte Touche Tohmatsu Limited (), commonly referred to as Deloitte, is an international professional services network headquartered in London, England. Deloitte is the largest professional services network by revenue and number of professio ...

, CISO-Americas), Todd Helfrich (Attivo, VP), Monica Maher (

Goldman Sachs Goldman Sachs () is an American multinational investment bank and financial services company. Founded in 1869, Goldman Sachs is headquartered at 200 West Street in Lower Manhattan, with regional headquarters in London, Warsaw, Bangalore, Ho ...

, VP Cyber Threat Intelligence), Reggie McKinney ( VA) and several other cybersecurity experts. In January 2007, Mike Witt was selected as the US-CERT Director, who was then followed by Mischel Kwon (Mischel Kwon and Associates) in June 2008. When Mischel Kwon departed in 2009, a major reorganization occurred which created the

(NCCIC). US-CERT is the 24-hour operational arm of the NCCIC which accepts, triages, and collaboratively responds to incidents, provides technical assistance to information system operators, and disseminates timely notifications regarding current and potential security threats, exploits, and

vulnerabilities Vulnerability refers to "the quality or state of being exposed to the possibility of being attacked or harmed, either physically or emotionally." A window of vulnerability (WOV) is a time frame within which defensive measures are diminished, com ...

to the public via its National Cyber Awareness System (NCAS). US-CERT operates side-by-side with the Industrial Control Systems Computer Emergency Response Team (ICS-CERT) which deals with security related to industrial control systems. Both entities operate together within NCCIC to provide a single source of support to

critical infrastructure Critical infrastructure (or critical national infrastructure (CNI) in the UK) is a term used by governments to describe assets that are essential for the functioning of a society and economy – the infrastructure. Most commonly associated w ...

stakeholders.

Capabilities

There are five operational aspects which enable US-CERT to meet its objectives of improving the nation’s cybersecurity posture, coordinate cyber information sharing, and proactively manage cyber risks while protecting the constitutional rights of Americans.

Threat Analysis and information sharing

This feature is involved with reviewing, researching,

vetting Vetting is the process of performing a background check on someone before offering them employment, conferring an award, or doing fact-checking prior to making any decision. In addition, in intelligence gathering, assets are vetted to determine t ...

and documenting all Computer Network Defense (CND) attributes which are available to US-CERT, both

classified Classified may refer to: General *Classified information, material that a government body deems to be sensitive *Classified advertising or "classifieds" Music *Classified (rapper) (born 1977), Canadian rapper * The Classified, a 1980s American ro ...

and unclassified. It helps promote improved mitigation resources of federal departments and agencies across the

Einstein Albert Einstein ( ; ; 14 March 1879 – 18 April 1955) was a German-born Theoretical physics, theoretical physicist, widely acknowledged to be one of the greatest and most influential physicists of all time. Einstein is best known for d ...

network by requesting deployment of countermeasures in response to credible

cyber threats A cyberattack is any offensive maneuver that targets computer information systems, computer networks, infrastructures, or personal computer devices. An attacker is a person or process that attempts to access data, functions, or other restricted ...

. This feature conducts technical analysis on data provided from partners, constituents, and monitoring systems to understand the nature of attacks, threats, and

, as well as develop tips, indicators, warnings, and actionable information to further US-CERT’s CND mission.

Digital analytics

This feature conducts digital

forensic Forensic science, also known as criminalistics, is the application of science to criminal and civil laws, mainly—on the criminal side—during criminal investigation, as governed by the legal standards of admissible evidence and criminal p ...

examinations and

malware Malware (a portmanteau for ''malicious software'') is any software intentionally designed to cause disruption to a computer, server, client, or computer network, leak private information, gain unauthorized access to information or systems, depr ...

artifact analysis (reverse engineering) to determine attack vectors and mitigation techniques, identifies possible threats based on analysis of malicious code and digital media, and provides indicators to mitigate and prevent future intrusions.

Operations

This feature informs the CND community on potential threats which allows for the hardening of cyber defenses, as well as, develops near real-time/rapid response community products (e.g., reports,

white papers A white paper is a report or guide that informs readers concisely about a complex issue and presents the issuing body's philosophy on the matter. It is meant to help readers understand an issue, solve a problem, or make a decision. A white paper ...

). When a critical event occurs, or has been detected, Operations will create a tailored product describing the event and the recommended course of action or mitigation techniques, if applicable, to ensure constituents are made aware and can protect their organization appropriately.

Communications

This feature supports NCCIC information sharing, development, and web presence. It is responsible for establishing and maintaining assured communications, developing and disseminating information, products, and supporting the development and maintenance of collaboration tools.

International

This feature partners with foreign governments and entities to enhance the global

cybersecurity Computer security, cybersecurity (cyber security), or information technology security (IT security) is the protection of computer systems and networks from attack by malicious actors that may result in unauthorized information disclosure, t ...

defense posture. It supports bilateral engagements, such as CERT-to-CERT information sharing/trust building activities, improvements related to global collaboration, and agreements on data sharing

standards Standard may refer to: Symbols * Colours, standards and guidons, kinds of military signs * Standard (emblem), a type of a large symbol or emblem used for identification Norms, conventions or requirements * Standard (metrology), an object t ...

Criticism

A January 2015 report by Senator Tom Coburn, ranking member of the

Committee on Homeland Security and Governmental Affairs The United States Senate Committee on Homeland Security and Governmental Affairs is the chief oversight committee of the United States Senate. It has jurisdiction over matters related to the Department of Homeland Security and other homeland s ...

, expressed concern that " S-CERTdoes not always provide information nearly as quickly as alternative private sector threat analysis companies".

References

External links

*
NCCIC National Cybersecurity and Communications Integration Center

ICS-CERT Industrial Control Systems Computer Emergency Response Team

Forum of Incident Response and Security Teams - Members
{{Authority control Computer Emergency Readiness Team Computer emergency response teams