 

Meet CERT


Background

The CERT® Program is part of the Software Engineering Institute (SEI), a federally funded research and development center at Carnegie Mellon University in Pittsburgh, Pennsylvania. Following the Morris worm incident, which brought 10 percent of internet systems to a halt in November 1988, the Defense Advanced Research Projects Agency (DARPA) charged the SEI with setting up a center to coordinate communication among experts during security emergencies and to help prevent future incidents. This center was named the CERT Coordination Center (CERT/CC).

While we continue to respond to major security incidents and analyze product vulnerabilities, our role has expanded over the years. Along with the rapid increase in the size of the internet and its use for critical functions, there have been progressive changes in intruder techniques, increased amounts of damage, increased difficulty of detecting an attack, and increased difficulty of catching the attackers. To better manage these changes, the CERT/CC is now part of the larger CERT Program, which develops and promotes the use of appropriate technology and systems management practices to resist attacks on networked systems, to limit damage, and to ensure continuity of critical services.


Areas of Work

Software Assurance

One of our primary objectives is to analyze the state of internet security and convey that information to the internet community. The CERT/CC monitors public sources of vulnerability information and regularly receives reports of vulnerabilities. After analyzing the potential vulnerabilities, our experts inform technology producers and work with them to facilitate their response to these problems. We also have artifact analysts who analyze malicious code.

As part of our work to influence vendors to improve the basic, as-shipped, security within their products, our analysts evaluate the root causes of vulnerabilities and establish secure coding practices. By applying these practices, developers can improve both the security and overall quality of new software.

Secure Systems

The research we are conducting in survivable systems engineering includes analyzing how susceptible systems are to sophisticated attacks and finding ways to improve the design of systems. We are also developing techniques that will enable us to assess and predict current and potential threats to the internet.

The results of our research are contributing to our work with network situational awareness. As part of this "operational" component, we are developing tools and techniques that will improve the ability of network administrators to identify what is happening on their networks. These tools and techniques include engineering solutions and research approaches for analyzing broad network activity. The goal is to quantitatively characterize threats and targeted intruder activity.

Organizational Security

One of our goals is to help organizations protect and defend themselves. To this end, we have developed risk assessments, such as OCTAVE, that help enterprises identify and characterize critical information assets and then identify risks to those assets. Enterprises can apply the results of the assessment to their overall strategy for securing their networked systems.

Our work on governance is part of our effort to encourage organizations to develop and maintain an appropriate level of security. The need for a broad focus on organizational security also inspired our work in resiliency management, an approach to security that integrates all of an organization's internal processes and best practices into a larger, overarching process that can be defined, measured, and evaluated.

Coordinated Response

The scale of emerging networks and the diversity of user communities make it necessary to have global support for addressing computer security issues. Therefore, we regularly work with sites to help them form computer security incident response teams (CSIRTs) and provide guidance and training to both new and existing teams. One particular group we are active with is CSIRTs with national responsibility. CERT played a significant role in the creation and continued evolution of US-CERT, the national CSIRT for the United States, and Q-CERT, the national CSIRT of Qatar.

In the realm of local response, CERT is developing tools and training in the area of forensics. Our goal is to supply system and network administrators with the skills and resources they need to become effective first responders for security issues. By understanding and implementing certain approaches and procedures, system and network administrators will be able to collect, preserve, and examine data.

Education and Training

Because networks are interconnected, the challenge is to educate individuals within organizations to improve the security and survivability of each system. We offer public training courses for technical staff and managers of computer security incident response teams as well as for system administrators and other technical personnel interested in learning more about network security. Some of these classes are also part of our incident handling certification program.

In more formalized efforts, CERT has developed a curriculum in survivability and information assurance. In addition, several of our staff members teach courses in the Information Security Management specialization of the Master of Information Systems Management program at Carnegie Mellon University, as well as in the university's CIO Institute.


Information Dissemination

To increase awareness of security issues and help organizations improve the security of their systems, we collect and disseminate information through multiple channels:

Publications and Presentations

We publish articles, research and technical reports, and papers on a variety of security topics. In conjunction with US-CERT, we also publish alerts about internet security problems.

CERT staff members are regularly invited to give presentations at conferences, workshops, and meetings. We have found this to be an excellent way to help attendees learn more in the area of network information system security and incident response.

Many of our publications and presentations can be found in our publications catalog.

Media Relations

CERT works with the news media to raise the awareness of a broad population to the risks they face on the internet and steps they can take to protect themselves. Ultimately, the increased visibility of security issues may lead consumers to demand increased security in the computer systems and network services they buy.

CERT is regularly covered in radio, television, print, and online media around the world.


Community Involvement

CERT has the opportunity to work with others to improve internet security and network survivability.

Participation in Organizations

We are active in a variety of organizations committed to security and survivability, including

    Forum of Incident Response and Security Teams (FIRST) - The CERT/CC was a founding member of FIRST, which is a coalition of individual response teams around the world. Each response team builds trust within its constituent community, and their relationships within those communities enable response teams to be sensitive to the distinct needs, technologies, and policies of their constituents. FIRST members collaborate on incidents that cross boundaries, and they cross-post alerts and advisories on problems relevant to their constituents.

    Internet Engineering Task Force (IETF) - The IETF is an international organization that is instrumental in developing internet standards.

    National Security Telecommunications Advisory Committee's Network Security Information Exchange (NSTAC NSIE) - The NSTAC NSIE works to reduce vulnerabilities in critical infrastructures.

National Efforts

CERT is called upon to advise government leaders or testify before Congressional committees. We have also received requests for assistance and information from many other groups, including the National Threat Assessment Center, the National Security Council, the Homeland Security Council, and the Office of Management and Budget/General Services Administration Electronic Government Initiatives.

The CERT/CC is also involved with US-CERT, the operational arm of the National Cyber Security Division (NCSD) at the Department of Homeland Security (DHS). US-CERT draws on CERT/CC capabilities to prevent cyber attacks, protect systems, and respond to the effects of cyber attacks across the internet.



Appendix A: The CERT Charter

CERT is chartered to work with the internet community in detecting and resolving computer security incidents, as well as taking steps to prevent future incidents. In particular, our mission is to
  • Provide a reliable, trusted, 24-hour, single point of contact for emergencies.

  • Facilitate communication among experts working to solve security problems.

  • Serve as a central point for identifying and correcting vulnerabilities in computer systems.

  • Maintain close ties with research activities and conduct research to improve the security of existing systems.

  • Initiate proactive measures to increase awareness and understanding of information security and computer security issues throughout the community of network users and service providers.



CERT and CERT Coordination Center are registered in the U.S. Patent and Trademark Office.

Last updated July 21, 2008