SEARCH news@sei

Other Features		    
2004 | Number 2
 


Microsoft's Pilot of TSP Yields Dramatic Results

Calculating Return on Investment for Software Product Lines

SEPG 2004 Showcases Enterprise Process Improvement in Orlando

 

Download


CERT/CC Instrumental in National Security Effort

 

Archives

Read previous
installments of
the news@sei columns

Read previous features
from news@sei

 

New Issues

If you would like
to be notified
when news@sei
is published,
send a request to
our news-editor.

 

  

CERT/CC Instrumental in National Security Effort
MINDI MCDOWELL

In September 2003, the U.S. Department of Homeland Security announced the creation of the US-CERT, a joint effort between the Department of Homeland Security’s National Cyber Security Division (NCSD), the CERT® Coordination Center (CERT/CC), and the private sector to improve the nation’s cyber security capability. US-CERT will build on CERT/CC capabilities to help prevent cyber attacks, protect systems, and respond to the effects of cyber attacks across the Internet.

Goals

US-CERT’s mission includes
  • identifying, analyzing, and reducing threats and vulnerabilities
  • disseminating threat warning information
  • coordinating incident response
  • providing technical assistance in continuity of operations and recovery
  • serving as a national focal point for the public and private sector regarding cyber security issues

The goal of US-CERT is to reduce the frequency and severity of cyber attacks by building collaborative partnerships among organizations that participate in cyber watch, warning, and response functions. The organizations include computer security incident response teams, information sharing and analysis centers, managed security service providers, information technology vendors, and security product and service providers. The partnerships will strengthen national and international efforts, with each organization offering its own unique resources and expertise. Jeffrey Carpenter, manager of the CERT/CC, notes, “Today, most of the interaction between organizations is informal. But organizations are coming to realize that they have to work together on Internet security. We’re much more powerful together than individually.”

Products

As a national resource, US-CERT must serve a diverse audience that includes technically sophisticated users, inexperienced users, executives, and policymakers. This challenge extends to the products that US-CERT is offering. The CERT/CC and NCSD have jointly developed a new National Cyber Alert System, a series of information products targeted at home and non-technical corporate users and technical experts in businesses and government agencies. There are four products available.

  • Technical Cyber Security Alerts
    These technical alerts, written primarily for system administrators, provide timely information about current security issues, vulnerabilities, and exploits, including potential impact and action required to mitigate threats.
  • Cyber Security Bulletins
    A resource for technical users, these bulletins summarize security issues and new vulnerabilities and include information about patches and workarounds.
  • Cyber Security Alerts
    Similar to Technical Cyber Security Alerts, these alerts also provide timely information about current security issues, vulnerabilities, and exploits, but they are written with language and advice suited to non-technical users. Cyber Security Alerts are published when there is an issue that affects the general public.


  • Cyber Security Tips
    A resource for non-technical home and corporate computer users, Cyber Security Tips describe and offer advice about common security issues. They are published bi-weekly.

CERT/CC Celebrates 15 Years
In November 2003, the CERT Coordination Center celebrated its 15 year anniversary. Established by the Defense Advance Research Projects Agency (DARPA) in 1988, the CERT/CC had multiple functions:

  • responding to computer security threats
  • helping other organizations respond to emergency situations
  • serving as a focal point for identifying and fixing security vulnerabilities
  • assessing the security of systems
  • increasing user awareness about security

Over the years, as the work of the CERT/CC has evolved with society’s increased reliance on technology, the organization has remained committed to its efforts to secure networked systems. The CERT/CC has helped foster the creation and operation of many other response organizations around the world and has established strong relationships with vendors, government agencies, and security experts. Staff members actively participate in a variety of organizations committed to security and survivability and are regularly asked to testify before Congress.

At the anniversary celebration, Rich Pethia, the director of the CERT/CC, looked to the future: “While there is much work yet to be done, I am confident that the professionals in this global watch and warning network will continue to find increasingly effective ways to deal with the new challenges we are sure to face.”

These products are available on the US-CERT Web site, where there are also instructions for how to subscribe to National Cyber Alert System mailing lists.

 

For more information, contact—

Rich Pethia

Phone
412-268-7739


Email
rdp@cert.org


World Wide Web
http://www.us-cert.gov/
   
 
Copyright © 2004 Carnegie Mellon University. All rights reserved.
 
 

 

 
Credits Editor in Chief:
Janet Rex

Production:
Barbara White

Editorial Staff: Hollen Barmer
Carol Biesecker
Bill Thomas
Barbara White		 Editorial Board:
Stephen Blanchette
Lisa Brownsword
Paul Clements
Eileen Forrester
Mindi McDowell
Sally Miller
Bill Pollak