A computer emergency response team, also known as CERT, is a group of computer experts who deal with cyber-security threats. There are approximately 250 CERT groups located around the world. These teams are often government funded, but some are also operated through private security firms. Different branches of the military have their own CERT teams, and the official US-CERT team is operated through America’s Department of Homeland Security. CERT can also stand for computer emergency readiness team, and some teams have adopted the moniker CSIRT, which stands for computer security incident response team. A computer emergency response team is tasked with anticipating, recognizing, and responding to threats to Internet security that are aimed at private companies and governments.
The first officially organized computer emergency response team was formed at the Carnegie Mellon Software Engineering Institute. This group often deals with a wide variety of cyber-security threats. The team can assess internal threats from within corporations or government groups, or external threats coming from computer hackers or hostile nations. In addition, the CERT team from Carnegie Mellon advises on network security risks and ways to stay ahead of security threats. The team also performs computer forensics to analyze machines that were found to have started or spread cyber attacks. It also offers certification for software engineers through its computer security incident handler program.
The computer emergency response team of the United States government is part of the National Cyber Security Division. US-CERT responds to cyber attacks and is responsible for protecting the nation’s cyber infrastructure. As cyber attacks are sometimes launched from unfriendly nations, much of the information about the threats that US-CERT responds to is classified or unknown. For example, the U.S. government informed the media that it had been the victim of a cyber attack by North Korea in 2009. Although the government announced that many computers had been affected by the attack, very little additional information was made available. Likewise, information about the CERT teams operated by different military branches is often sparse.
The threats that a computer emergency response team deals with include cyber attacks from hostile nations, computer hackers, and terrorist groups. Hostile nations are considered the highest-level threat to cyber infrastructure. Criminal organizations sometimes launch profit-based attacks in an attempt to steal money or identities. Espionage crimes include stealing sensitive information from government computers or networks. CERT teams consider these groups to be mid-level threats. Terrorist groups and lone hackers are considered low-level threats, because they often lack the technological resources to launch widespread attacks. A computer emergency response team may deal with threats from some or all of these groups.