United States Computer Emergency Readiness Team

United States Computer Emergency Readiness Team
	Logo of the team
Agency overview
Formed	September 2003
Preceding agency	FedCIRC;
Headquarters	DHS Ballston Facility, 1110 N Glebe Rd, Arlington, VA 22201
Annual budget	$93 million (2013)
Parent agency	Cybersecurity and Infrastructure Security Agency
Website	US-CERT.gov

Last updated September 15, 2024

The United States Computer Emergency Readiness Team (US-CERT) was a team under the Cybersecurity and Infrastructure Security Agency of the Department of Homeland Security.

On February 24, 2023, the Cybersecurity and Infrastructure Security Agency (CISA) retired US-CERT and ICS-CERT, integrating CISA’s operational content into a new CISA.gov website that better unifies CISA's mission. CISA will continue to be responsible for coordinating cybersecurity programs within the U.S. government to protect against malicious cyber activity, including activity related to industrial control systems. In keeping with this responsibility, CISA will continue responding to incidents, providing technical assistance, and disseminating timely notifications of cyber threats and vulnerabilities.^[2]

US-CERT was a branch of the National Cybersecurity and Communications Integration Center of the Office of Cybersecurity and Communications.^[3] US-CERT is responsible for analyzing and reducing cyber threats, vulnerabilities, disseminating cyber threat warning information, and coordinating incident response activities.^[4]

The division brings advanced network and digital media analysis expertise to bear on malicious activity targeting the networks within the United States and abroad.

Background

The concept of a national Computer Emergency Response Team (CERT) for the United States was proposed by Marcus Sachs (Auburn University) when he was a staff member for the U.S. National Security Council in 2002 to be a peer organization with other national CERTs such as AusCERT and CERT-UK, and to be located in the forthcoming Department of Homeland Security (DHS). At the time the United States did not have a national CERT. Amit Yoran (Tenable, Inc., CEO), DHS's first Director of the National Cyber Security Division, launched the United States Computer Emergency Readiness Team (US-CERT) in September 2003 to protect the Internet infrastructure of the United States by coordinating defense against and responding to cyber-attacks. The first Director of the US-CERT was Jerry Dixon (CrowdStrike, CISO); with the team initially staffed with cybersecurity experts that included Mike Witt (NASA, CISO), Brent Wrisley (Punch Cyber, CEO), Mike Geide (Punch Cyber, CTO), Lee Rock (Microsoft, SSIRP Crisis Lead), Chris Sutton (Export-Import Bank of the United States, CISO & CPO), Jay Brown (USG, Senior Exec Cyber Operations), Mark Henderson (IRS, Online Cyber Fraud), Josh Goldfarb (Security Consultant), Mike Jacobs (Treasury, Director/Chief of Operations), Rafael Nunez (DHS/CISA), Ron Dow (General Dynamics, Senior Program Mgr), Sean McAllister (Network Defense Protection, Founder), Kevin Winter (Deloitte, CISO-Americas), Todd Helfrich (Attivo, VP), Monica Maher (Goldman Sachs, VP Cyber Threat Intelligence), Reggie McKinney (VA) and several other cybersecurity experts. In January 2007, Mike Witt was selected as the US-CERT Director, who was then followed by Mischel Kwon (Mischel Kwon and Associates) in June 2008. When Mischel Kwon departed in 2009, a major reorganization occurred which created the National Cybersecurity and Communications Integration Center (NCCIC).

US-CERT is the 24-hour operational arm of the NCCIC which accepts, triages, and collaboratively responds to incidents, provides technical assistance to information system operators, and disseminates timely notifications regarding current and potential security threats, exploits, and vulnerabilities to the public via its National Cyber Awareness System (NCAS).^[5]

US-CERT operates side-by-side with the Industrial Control Systems Computer Emergency Response Team (ICS-CERT) which deals with security related to industrial control systems. Both entities operate together within NCCIC to provide a single source of support to critical infrastructure stakeholders.^[6]

Capabilities

There are five operational aspects which enable US-CERT to meet its objectives of improving the nation’s cybersecurity posture, coordinate cyber information sharing, and proactively manage cyber risks while protecting the constitutional rights of Americans.^[7]

Threat Analysis and information sharing

This feature is involved with reviewing, researching, vetting and documenting all Computer Network Defense (CND) attributes which are available to US-CERT, both classified and unclassified.

It helps promote improved mitigation resources of federal departments and agencies across the Einstein network by requesting deployment of countermeasures in response to credible cyber threats.

This feature conducts technical analysis on data provided from partners, constituents, and monitoring systems to understand the nature of attacks, threats, and vulnerabilities, as well as develop tips, indicators, warnings, and actionable information to further US-CERT’s CND mission.

Digital analytics

This feature conducts digital forensic examinations and malware artifact analysis (reverse engineering) to determine attack vectors and mitigation techniques, identifies possible threats based on analysis of malicious code and digital media, and provides indicators to mitigate and prevent future intrusions.

Operations

This feature informs the CND community on potential threats which allows for the hardening of cyber defenses, as well as, develops near real-time/rapid response community products (e.g., reports, white papers).

When a critical event occurs, or has been detected, Operations will create a tailored product describing the event and the recommended course of action or mitigation techniques, if applicable, to ensure constituents are made aware and can protect their organization appropriately.

Communications

This feature supports NCCIC information sharing, development, and web presence. It is responsible for establishing and maintaining assured communications, developing and disseminating information, products, and supporting the development and maintenance of collaboration tools.

International

This feature partners with foreign governments and entities to enhance the global cybersecurity defense posture. It supports bilateral engagements, such as CERT-to-CERT information sharing/trust building activities, improvements related to global collaboration, and agreements on data sharing standards.

Criticism

A January 2015 report by Senator Tom Coburn, ranking member of the Committee on Homeland Security and Governmental Affairs, expressed concern that "[US-CERT] does not always provide information nearly as quickly as alternative private sector threat analysis companies".^[8]

Related Research Articles

The United States Department of Homeland Security (DHS) is the U.S. federal executive department responsible for public security, roughly comparable to the interior or home ministries of other countries. Its stated missions involve anti-terrorism, border security, immigration and customs, cyber security, and disaster prevention and management.

The National Cyber Security Division (NCSD) is a division of the Office of Cyber Security & Communications, within the United States Department of Homeland Security's Cybersecurity and Infrastructure Security Agency. Formed from the Critical Infrastructure Assurance Office, the National Infrastructure Protection Center, the Federal Computer Incident Response Center, and the National Communications System, NCSD opened on June 6, 2003.

An information assurance vulnerability alert (IAVA) is an announcement of a computer application software or operating system vulnerability notification in the form of alerts, bulletins, and technical advisories identified by US-CERT, https://www.us-cert.gov/ US-CERT is managed by National Cybersecurity and Communications Integration Center (NCCIC), which is part of Cybersecurity and Infrastructure Security Agency (CISA), within the U.S. Department of Homeland Security (DHS). CISA, which includes the National Cybersecurity and Communications Integration Center (NCCIC) realigned its organizational structure in 2017, integrating like functions previously performed independently by the U.S. Computer Emergency Readiness Team (US-CERT) and the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT). These selected vulnerabilities are the mandated baseline, or minimum configuration of all hosts residing on the GIG. US-CERT analyzes each vulnerability and determines if it is necessary or beneficial to the Department of Defense to release it as an IAVA. Implementation of IAVA policy will help ensure that DoD Components take appropriate mitigating actions against vulnerabilities to avoid serious compromises to DoD computer system assets that would potentially degrade mission performance.

The EINSTEIN System is a network intrusion detection and prevention system that monitors the networks of US federal government departments and agencies. The system is developed and managed by the Cybersecurity and Infrastructure Security Agency in the United States Department of Homeland Security (DHS).

The Director of the Cybersecurity and Infrastructure Security Agency is a high level civilian official in the United States Department of Homeland Security. The Director, as head of Cybersecurity and Infrastructure Security Agency at DHS, is the principal staff assistant and adviser to both the Secretary of Homeland Security and the Deputy Secretary of Homeland Security for all DHS programs designed to reduce the nation's risk to terrorism and natural disasters. The Director is appointed from civilian life by the President with the consent of the Senate to serve at the pleasure of the President.

Control system security, or industrial control system (ICS) cybersecurity, is the prevention of interference with the proper operation of industrial automation and control systems. These control systems manage essential services including electricity, petroleum production, water, transportation, manufacturing, and communications. They rely on computers, networks, operating systems, applications, and programmable controllers, each of which could contain security vulnerabilities. The 2010 discovery of the Stuxnet worm demonstrated the vulnerability of these systems to cyber incidents. The United States and other governments have passed cyber-security regulations requiring enhanced protection for control systems operating critical infrastructure.

The Cyber Security Division (CSD) is a division of the Science and Technology Directorate (S&T Directorate) of the United States Department of Homeland Security (DHS). Within the Homeland Security Advanced Research Projects Agency, CSD develops technologies to enhance the security and resilience of the United States' critical information infrastructure from acts of terrorism. S&T supports DHS component operational and critical infrastructure protections, including the finance, energy, and public utility sectors, as well as the first responder community.

The National Cybersecurity and Critical Infrastructure Protection Act of 2013 is a bill that would amend the Homeland Security Act of 2002 to require the Secretary of the Department of Homeland Security (DHS) to conduct cybersecurity activities on behalf of the federal government and would codify the role of DHS in preventing and responding to cybersecurity incidents involving the Information Technology (IT) systems of federal civilian agencies and critical infrastructure in the United States.

The Indian Computer Emergency Response Team is an office within the Ministry of Electronics and Information Technology of the Government of India. It is the nodal agency to deal with cyber security incidents. It strengthens security-related defence of the Indian Internet domain.

The Cybersecurity Information Sharing Act is a United States federal law designed to "improve cybersecurity in the United States through enhanced sharing of information about cybersecurity threats, and for other purposes". The law allows the sharing of Internet traffic information between the U.S. government and technology and manufacturing companies. The bill was introduced in the U.S. Senate on July 10, 2014, and passed in the Senate on October 27, 2015. Opponents question CISA's value, believing it will move responsibility from private businesses to the government, thereby increasing vulnerability of personal private information, as well as dispersing personal private information across seven government agencies, including the NSA and local police.

Cyber threat intelligence (CTI) is knowledge, skills and experience-based information concerning the occurrence and assessment of both cyber and physical threats and threat actors that is intended to help mitigate potential attacks and harmful events occurring in cyberspace. Cyber threat intelligence sources include open source intelligence, social media intelligence, human Intelligence, technical intelligence, device log files, forensically acquired data or intelligence from the internet traffic and data derived for the deep and dark web.

The New Jersey Cybersecurity and Communications Integration Cell (NJCCIC), also known as the New Jersey Office of Homeland Security and Preparedness' (NJOHSP) Division of Cybersecurity, is the first American state-level information sharing and analysis organization in the United States that exchanges cyber threat intelligence and conducts incident response for governments, businesses, and citizens in New Jersey. Located at NJ’s Regional Operations and Intelligence Center (ROIC), and acting in a cyber fusion center capacity the NJCCIC is composed of staff from NJOHSP, the NJ Office of Information Technology, and the NJ State Police. The NJCCIC's nomenclature is derived from its federal counterpart, the National Cybersecurity and Communications Integration Center, which encompasses the U.S. Department of Homeland Security's Computer Emergency Readiness Team (US-CERT).

Brigadier GeneralGregory (Greg) J. Touhill is Director of the world renowned Carnegie Mellon University Software Engineering Institute’s CERT Division. Previously, he was the president of AppGate Federal Group . He was previously appointed by President Barack Obama as the first Federal Chief Information Security Officer of the United States, stepping down in January, 2017. He was previously the Deputy Assistant Secretary, Office of Cybersecurity and Communications, National Programs and Protection Directorate, Department of Homeland Security. While at DHS he concurrently served as Director of the National Cybersecurity and Communications Integration Center (NCCIC) during 2014–2015.

The Center for Internet Security (CIS) is a US 501(c)(3) nonprofit organization, formed in October 2000. Its mission statement professes that the function of CIS is to " help people, businesses, and governments protect themselves against pervasive cyber threats."

The National Cybersecurity and Communications Integration Center (NCCIC) is part of the Cybersecurity Division of the Cybersecurity and Infrastructure Security Agency, an agency of the U.S. Department of Homeland Security. It acts to coordinate various aspects of the U.S. federal government's cybersecurity and cyberattack mitigation efforts through cooperation with civilian agencies, infrastructure operators, state and local governments, and international partners.

The Cybersecurity and Infrastructure Security Agency (CISA) is a component of the United States Department of Homeland Security (DHS) responsible for cybersecurity and infrastructure protection across all levels of government, coordinating cybersecurity programs with U.S. states, and improving the government's cybersecurity protections against private and nation-state hackers.

Christopher Cox Krebs is an American attorney who served as Director of the Cybersecurity and Infrastructure Security Agency in the United States Department of Homeland Security from November 2018 until November 17, 2020, when President Donald Trump fired Krebs for contradicting Trump's claims of election fraud in the 2020 presidential election.

Internet security awareness or Cyber security awareness refers to how much end-users know about the cyber security threats their networks face, the risks they introduce and mitigating security best practices to guide their behavior. End users are considered the weakest link and the primary vulnerability within a network. Since end-users are a major vulnerability, technical means to improve security are not enough. Organizations could also seek to reduce the risk of the human element. This could be accomplished by providing security best practice guidance for end users' awareness of cyber security. Employees could be taught about common threats and how to avoid or mitigate them.

TR-CERT is an organization within the Information and Communication Technologies Authority (ICTA) which is the national regulatory authority of the Turkish electronic communication sector. It is responsible for the analysis and risk mitigation of large-scale cyber threats and vulnerabilities, communicating information regarding malicious cyber activities or possible vulnerabilities to computer security incident response teams (CSIRT) and the public.

Operational collaboration is a cyber resilience framework that leverages public-private partnerships to reduce the risk of cyber threats and the impact of cyberattacks on United States cyberspace. This operational collaboration framework for cyber is similar to the Federal Emergency Management Agency (FEMA)'s National Preparedness System which is used to coordinate responses to natural disasters, terrorism, chemical and biological events in the physical world.

References

↑ DHS (2013). FY 2013 Budget in Brief (PDF) (Report). Archived (PDF) from the original on 2017-01-18. Retrieved 2017-01-02.
↑ "US-CERT and ICS-CERT Transition to CISA | CISA". www.cisa.gov. 24 February 2023. Retrieved 14 June 2024. This article incorporates text from this source, which is in the public domain .
↑ "About the National Cybersecurity and Communications Integration Center". Archived from the original on September 4, 2013. Retrieved September 4, 2013.
↑ "US-CERT Infosheet Version 2" (PDF). Archived (PDF) from the original on May 12, 2013. Retrieved September 4, 2013.
↑ "US-CERT About Us". Archived from the original on September 10, 2013. Retrieved September 4, 2013.
↑ "More Information about the Industrial Control Systems Cyber Emergency Response Team". Archived from the original on October 6, 2013. Retrieved September 4, 2013.
↑ "US-CERT Home Page". Archived from the original on November 11, 2008. Retrieved September 4, 2013.
↑ Coburn, Tom. (January 2015). "A Review of the Department of Homeland Security's Missions and Performance". hsgac.senate.gov. Archived from the original on September 6, 2023. Retrieved December 20, 2015.

External links

This article incorporates public domain material from websites or documents of the United States Department of Homeland Security .

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[1] DHS (2013). FY 2013 Budget in Brief (PDF) (Report). Archived (PDF) from the original on 2017-01-18. Retrieved 2017-01-02.

[2] "US-CERT and ICS-CERT Transition to CISA | CISA". www.cisa.gov. 24 February 2023. Retrieved 14 June 2024. This article incorporates text from this source, which is in the public domain .

[About_NCCIC-3] "About the National Cybersecurity and Communications Integration Center". Archived from the original on September 4, 2013. Retrieved September 4, 2013.

[US-CERT_Infosheet-4] "US-CERT Infosheet Version 2" (PDF). Archived (PDF) from the original on May 12, 2013. Retrieved September 4, 2013.

[US-CERT_About_Us-5] "US-CERT About Us". Archived from the original on September 10, 2013. Retrieved September 4, 2013.

[ICS-CERT-6] "More Information about the Industrial Control Systems Cyber Emergency Response Team". Archived from the original on October 6, 2013. Retrieved September 4, 2013.

[US-CERT_Home_Page-7] "US-CERT Home Page". Archived from the original on November 11, 2008. Retrieved September 4, 2013.

[8] Coburn, Tom. (January 2015). "A Review of the Department of Homeland Security's Missions and Performance". hsgac.senate.gov. Archived from the original on September 6, 2023. Retrieved December 20, 2015.

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]