The United States Computer Emergency Readiness Team (US-CERT) was a team under the Cybersecurity and Infrastructure Security Agency of the Department of Homeland Security. On February 24, 2023, the Cybersecurity and Infrastructure Security Agency (CISA) retired US-CERT and ICS-CERT, integrating CISA’s operational content into a new CISA.gov website that better unifies CISA's mission. CISA continues to be responsible for coordinating cybersecurity programs within the U.S. government to protect against malicious cyber activity, including activity related to industrial control systems. In keeping with this responsibility, CISA continues responding to incidents, providing technical assistance, and disseminating timely notifications of cyber threats and vulnerabilities. US-CERT was a branch of the National Cybersecurity and Communications Integration Center of the Office of Cybersecurity and Communications. US-CERT was responsible for analyzing and reducing cyber threats, vulnerabilities, disseminating cyber threat warning information, and coordinating incident response activities. The division brought advanced network and digital media analysis expertise to bear on malicious activity targeting the networks within the United States and abroad.


Background

The concept of a national Computer Emergency Response Team (CERT) for the United States was proposed by Marcus Sachs (Auburn University) when he was a staff member for the U.S. National Security Council in 2002 to be a peer organization with other national CERTs such as AusCERT and CERT-UK, and to be located in the then forthcoming Department of Homeland Security (DHS). At the time the United States did not have a national CERT. Amit Yoran (Tenable, Inc., CEO), DHS's first Director of the National Cyber Security Division, launched the United States Computer Emergency Readiness Team (US-CERT) in September 2003 to protect the Internet infrastructure of the United States by coordinating defense against and responding to cyber-attacks.

The first Director of the US-CERT was Jerry Dixon (CrowdStrike, CISO). The team was initially staffed with cybersecurity experts that included Mike Witt (NASA, CISO), Brent Wrisley (Punch Cyber, CEO), Mike Geide (Punch Cyber, CTO), Lee Rock (Microsoft, SSIRP Crisis Lead), Chris Sutton (Export-Import Bank of the United States, CISO & CPO), Jay Brown (USG, Senior Exec Cyber Operations), Mark Henderson (IRS, Online Cyber Fraud), Josh Goldfarb (Security Consultant), Mike Jacobs (Treasury, Director/Chief of Operations), Rafael Nunez (DHS/CISA), Ron Dow (General Dynamics, Senior Program Mgr), Sean McAllister (Network Defense Protection, Founder), Kevin Winter (Deloitte, CISO-Americas), Todd Helfrich (Attivo, VP), Monica Maher (Goldman Sachs, VP Cyber Threat Intelligence), Reggie McKinney (VA) and several other cybersecurity experts. In January 2007, Mike Witt was selected as the US-CERT Director; he was followed by Mischel Kwon (Mischel Kwon and Associates) in June 2008.

When Mischel Kwon departed in 2009, a major reorganization occurred which created the National Cybersecurity and Communications Integration Center (NCCIC). US-CERT was the 24-hour operational arm of the NCCIC, which accepted, triaged, and collaboratively responded to incidents, provided technical assistance to information system operators, and disseminated timely notifications regarding current and potential security threats, exploits, and vulnerabilities to the public via its National Cyber Awareness System (NCAS). US-CERT operated side-by-side with the Industrial Control Systems Computer Emergency Response Team (ICS-CERT), which dealt with security related to industrial control systems. Both entities operated together within NCCIC to provide a single source of support to critical infrastructure stakeholders.


Capabilities

There were five operational aspects which enabled US-CERT to meet its objectives of improving the nation’s cybersecurity posture, coordinating cyber information sharing, and proactively managing cyber risks while protecting the constitutional rights of Americans.


Threat Analysis and information sharing

This feature is involved with reviewing, researching, vetting and documenting all Computer Network Defense (CND) attributes which are available to US-CERT, both classified and unclassified. It helps promote improved mitigation resources of federal departments and agencies across the Einstein network by requesting deployment of countermeasures in response to credible cyber threats. This feature conducts technical analysis on data provided from partners, constituents, and monitoring systems to understand the nature of attacks, threats, and vulnerabilities, as well as develop tips, indicators, warnings, and actionable information to further US-CERT’s CND mission.


Digital analytics

This feature conducts digital forensic examinations and malware artifact analysis (reverse engineering) to determine attack vectors and mitigation techniques, identifies possible threats based on analysis of malicious code and digital media, and provides indicators to mitigate and prevent future intrusions.


Operations

This feature informs the CND community of potential threats, which allows for the hardening of cyber defenses, and develops near real-time/rapid response community products (e.g., reports, white papers). When a critical event occurs, or has been detected, Operations will create a tailored product describing the event and the recommended course of action or mitigation techniques, if applicable, to ensure constituents are made aware and can protect their organization appropriately.


Communications

This feature supports NCCIC information sharing, development, and web presence. It is responsible for establishing and maintaining assured communications, developing and disseminating information and products, and supporting the development and maintenance of collaboration tools.


International

This feature partners with foreign governments and entities to enhance the global cybersecurity defense posture. It supports bilateral engagements, such as CERT-to-CERT information sharing/trust building activities, improvements related to global collaboration, and agreements on data sharing standards.


Criticism

A January 2015 report by Senator Tom Coburn, ranking member of the Committee on Homeland Security and Governmental Affairs, expressed concern that "[US-CERT] does not always provide information nearly as quickly as alternative private sector threat analysis companies".


See also

* Alert (TA15-337A)
* CERT Coordination Center
* Einstein (US-CERT program)
* National Infrastructure Security Co-ordination Centre


External links

* National Cybersecurity and Communications Integration Center (NCCIC)
* Industrial Control Systems Computer Emergency Response Team (ICS-CERT)
* Forum of Incident Response and Security Teams – Members