United States Computer Emergency Readiness Team

The United States Computer Emergency Readiness Team (US-CERT) is an organization within the Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA). Specifically, US-CERT is a branch of the Office of Cybersecurity and Communications' (CS&C) National Cybersecurity and Communications Integration Center (NCCIC). US-CERT is responsible for analyzing and reducing cyber threats and vulnerabilities, disseminating cyber threat warning information, and coordinating incident response activities. The division brings advanced network and digital media analysis expertise to bear on malicious activity targeting the networks within the United States and abroad.


Background

The concept of a national Computer Emergency Response Team (CERT) for the United States was proposed by Marcus Sachs (Auburn University) when he was a staff member for the U.S. National Security Council in 2002 to be a peer organization with other national CERTs such as AusCERT and CERT-UK, and to be located in the forthcoming Department of Homeland Security (DHS). At the time the United States did not have a national CERT. Amit Yoran (Tenable, Inc., CEO), DHS's first Director of the National Cyber Security Division, launched the United States Computer Emergency Readiness Team (US-CERT) in September 2003 to protect the Internet infrastructure of the United States by coordinating defense against and responding to cyber-attacks.

The first Director of the US-CERT was Jerry Dixon (CrowdStrike, CISO), with the team initially staffed with cybersecurity experts that included Mike Witt (NASA, CISO), Brent Wrisley (Punch Cyber, CEO), Mike Geide (Punch Cyber, CTO), Lee Rock (Microsoft, SSIRP Crisis Lead), Chris Sutton (Export-Import Bank of the United States, CISO & CPO), Jay Brown (USG, Senior Exec Cyber Operations), Mark Henderson (IRS, Online Cyber Fraud), Josh Goldfarb (Security Consultant), Mike Jacobs (Treasury, Director/Chief of Operations), Rafael Nunez (DHS/CISA), Ron Dow (General Dynamics, Senior Program Mgr), Sean McAllister (Network Defense Protection, Founder), Kevin Winter (Deloitte, CISO-Americas), Todd Helfrich (Attivo, VP), Monica Maher (Goldman Sachs, VP Cyber Threat Intelligence), Reggie McKinney (VA) and several other cybersecurity experts. In January 2007, Mike Witt was selected as the US-CERT Director; he was followed by Mischel Kwon (Mischel Kwon and Associates) in June 2008. When Mischel Kwon departed in 2009, a major reorganization occurred which created the National Cybersecurity and Communications Integration Center (NCCIC).

US-CERT is the 24-hour operational arm of the NCCIC which accepts, triages, and collaboratively responds to incidents, provides technical assistance to information system operators, and disseminates timely notifications regarding current and potential security threats, exploits, and vulnerabilities to the public via its National Cyber Awareness System (NCAS). US-CERT operates side-by-side with the Industrial Control Systems Computer Emergency Response Team (ICS-CERT), which deals with security related to industrial control systems. Both entities operate together within NCCIC to provide a single source of support to critical infrastructure stakeholders.


Capabilities

There are five operational aspects which enable US-CERT to meet its objectives of improving the nation’s cybersecurity posture, coordinating cyber information sharing, and proactively managing cyber risks while protecting the constitutional rights of Americans.


Threat Analysis and information sharing

This feature is involved with reviewing, researching, vetting and documenting all Computer Network Defense (CND) attributes which are available to US-CERT, both classified and unclassified. It helps promote improved mitigation resources of federal departments and agencies across the Einstein network by requesting deployment of countermeasures in response to credible cyber threats. This feature conducts technical analysis on data provided from partners, constituents, and monitoring systems to understand the nature of attacks, threats, and vulnerabilities, as well as develop tips, indicators, warnings, and actionable information to further US-CERT’s CND mission.


Digital analytics

This feature conducts digital forensic examinations and malware artifact analysis (reverse engineering) to determine attack vectors and mitigation techniques, identifies possible threats based on analysis of malicious code and digital media, and provides indicators to mitigate and prevent future intrusions.


Operations

This feature informs the CND community of potential threats, which allows for the hardening of cyber defenses, and develops near real-time/rapid response community products (e.g., reports, white papers). When a critical event occurs, or has been detected, Operations will create a tailored product describing the event and the recommended course of action or mitigation techniques, if applicable, to ensure constituents are made aware and can protect their organization appropriately.


Communications

This feature supports NCCIC information sharing, development, and web presence. It is responsible for establishing and maintaining assured communications, developing and disseminating information and products, and supporting the development and maintenance of collaboration tools.


International

This feature partners with foreign governments and entities to enhance the global cybersecurity defense posture. It supports bilateral engagements, such as CERT-to-CERT information sharing/trust building activities, improvements related to global collaboration, and agreements on data sharing standards.


Criticism

A January 2015 report by Senator Tom Coburn, ranking member of the Committee on Homeland Security and Governmental Affairs, expressed concern that "[US-CERT] does not always provide information nearly as quickly as alternative private sector threat analysis companies".


See also

* Alert (TA15-337A)
* CERT Coordination Center
* Einstein (US-CERT program)
* National Infrastructure Security Co-ordination Centre


External links

* NCCIC National Cybersecurity and Communications Integration Center
* ICS-CERT Industrial Control Systems Computer Emergency Response Team
* Forum of Incident Response and Security Teams - Members