
The United States Computer Emergency Readiness Team (US-CERT) is an organization within the Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA). Specifically, US-CERT is a branch of the Office of Cybersecurity and Communications' (CS&C) National Cybersecurity and Communications Integration Center (NCCIC). US-CERT is responsible for analyzing and reducing cyber threats and vulnerabilities, disseminating cyber threat warning information, and coordinating incident response activities. The division brings advanced network and digital media analysis expertise to bear on malicious activity targeting networks within the United States and abroad.


Background

The concept of a national Computer Emergency Response Team (CERT) for the United States was proposed by Marcus Sachs (Auburn University) when he was a staff member for the U.S. National Security Council in 2002 to be a peer organization with other national CERTs such as AusCERT and CERT-UK, and to be located in the forthcoming Department of Homeland Security (DHS). At the time the United States did not have a national CERT.

Amit Yoran (Tenable, Inc., CEO), DHS's first Director of the National Cyber Security Division, launched the United States Computer Emergency Readiness Team (US-CERT) in September 2003 to protect the Internet infrastructure of the United States by coordinating defense against and responding to cyber-attacks. The first Director of the US-CERT was Jerry Dixon (CrowdStrike, CISO), with the team initially staffed with cybersecurity experts that included Mike Witt (NASA, CISO), Brent Wrisley (Punch Cyber, CEO), Mike Geide (Punch Cyber, CTO), Lee Rock (Microsoft, SSIRP Crisis Lead), Chris Sutton (Export-Import Bank of the United States, CISO & CPO), Jay Brown (USG, Senior Exec Cyber Operations), Mark Henderson (IRS, Online Cyber Fraud), Josh Goldfarb (Security Consultant), Mike Jacobs (Treasury, Director/Chief of Operations), Rafael Nunez (DHS/CISA), Ron Dow (General Dynamics, Senior Program Mgr), Sean McAllister (Network Defense Protection, Founder), Kevin Winter (Deloitte, CISO-Americas), Todd Helfrich (Attivo, VP), Monica Maher (Goldman Sachs, VP Cyber Threat Intelligence), Reggie McKinney (VA) and several other cybersecurity experts.

In January 2007, Mike Witt was selected as the US-CERT Director; he was followed by Mischel Kwon (Mischel Kwon and Associates) in June 2008. When Mischel Kwon departed in 2009, a major reorganization occurred which created the National Cybersecurity and Communications Integration Center (NCCIC). US-CERT is the 24-hour operational arm of the NCCIC which accepts, triages, and collaboratively responds to incidents, provides technical assistance to information system operators, and disseminates timely notifications regarding current and potential security threats, exploits, and vulnerabilities to the public via its National Cyber Awareness System (NCAS). US-CERT operates side-by-side with the Industrial Control Systems Computer Emergency Response Team (ICS-CERT), which deals with security related to industrial control systems. Both entities operate together within NCCIC to provide a single source of support to critical infrastructure stakeholders.


Capabilities

There are five operational aspects which enable US-CERT to meet its objectives of improving the nation’s cybersecurity posture, coordinating cyber information sharing, and proactively managing cyber risks while protecting the constitutional rights of Americans.


Threat Analysis and information sharing

This feature is involved with reviewing, researching, vetting and documenting all Computer Network Defense (CND) attributes which are available to US-CERT, both classified and unclassified. It helps promote improved mitigation resources of federal departments and agencies across the Einstein network by requesting deployment of countermeasures in response to credible cyber threats. This feature conducts technical analysis on data provided from partners, constituents, and monitoring systems to understand the nature of attacks, threats, and vulnerabilities, and to develop tips, indicators, warnings, and actionable information to further US-CERT’s CND mission.


Digital analytics

This feature conducts digital forensic examinations and malware artifact analysis (reverse engineering) to determine attack vectors and mitigation techniques, identifies possible threats based on analysis of malicious code and digital media, and provides indicators to mitigate and prevent future intrusions.


Operations

This feature informs the CND community of potential threats, which allows for the hardening of cyber defenses, and develops near real-time/rapid response community products (e.g., reports, white papers). When a critical event occurs, or has been detected, Operations will create a tailored product describing the event and the recommended course of action or mitigation techniques, if applicable, to ensure constituents are made aware and can protect their organization appropriately.


Communications

This feature supports NCCIC information sharing, development, and web presence. It is responsible for establishing and maintaining assured communications, developing and disseminating information and products, and supporting the development and maintenance of collaboration tools.


International

This feature partners with foreign governments and entities to enhance the global cybersecurity defense posture. It supports bilateral engagements, such as CERT-to-CERT information sharing/trust building activities, improvements related to global collaboration, and agreements on data sharing standards.


Criticism

A January 2015 report by Senator Tom Coburn, ranking member of the Committee on Homeland Security and Governmental Affairs, expressed concern that "[US-CERT] does not always provide information nearly as quickly as alternative private sector threat analysis companies".


See also

* Alert (TA15-337A)
* CERT Coordination Center
* Einstein (US-CERT program)
* National Infrastructure Security Co-ordination Centre


External links

* NCCIC National Cybersecurity and Communications Integration Center
* ICS-CERT Industrial Control Systems Computer Emergency Response Team
* Forum of Incident Response and Security Teams - Members