Computer Emergency Response Teams and Their Critical Role in Protecting Australian Digital Assets
Posted: Thursday, Jun 26


Introduction

Computer Emergency Response Teams (CERTs) are the unsung heroes of cybersecurity. There are many myths about their role and function. Contrary to popular belief, they don’t certify cybersecurity professionals, and many don’t do emergency response.

Operating in the background, CERTs provide vital functions in anticipating and reducing the impact of cyber-attacks. The first CERT, the CERT/CC, was established in 1988 by the US Defense Advanced Research Projects Agency (DARPA) in response to the release of one of the first computer worms. The Morris Worm was unleashed by a student from the Massachusetts Institute of Technology and took down 10% of the internet.

A Changing Face

Over the last four decades CERTs, such as CERT Australia and AUSCERT, have evolved to meet the challenges of an ever-evolving cybersecurity landscape. AUSCERT, for example, was established in direct response to a university student who hacked NASA during his spare time in the 1990s. This breach triggered a chain reaction to improve information security that originated in universities. 

These incidents highlight the key missions of CERTs – to protect critical infrastructure and systems from cyber-attacks and ensure the recovery from an incident happens as quickly as possible.  

As the name suggests, CERTs were established to help respond to emergencies, but their value and capabilities have expanded substantially. CERTs across the world – there are around 800 such teams within FIRST, the global network – support organisations of all sizes across every sector with threat intelligence, vulnerability management, incident response support, training, governance, risk and compliance advice, and many other services. The functions and roles CERTs provide have changed to adapt to the shifting dynamics in cybersecurity.  

Interestingly, not all CERTs are called CERTs. In 1997, Carnegie Mellon University trademarked CERT. As a result, many computer emergency teams have resorted to being called CSIRT (Computer Security Incident Response Team). A similar set of organisations are called ISACs (Information Sharing and Analysis Centers) and focus on threat intelligence more specifically. 

Not All CERTs Are Made The Same

CSIRTs are typically internal to specific organisations and have a more prominent focus on incident response while ISACs act as sector-specific platforms that focus on collaboration and information sharing such as threat intelligence and analysis. In the United States, there are about 30 ISACs with each focussed on supporting a specific industry sector.  

Despite the different names, these organisations have adapted to the changing landscape. Their non-commercial operations give them a unique role in the fight against threat actors. CERTs across the world cooperate frequently to share threat intelligence and newly detected vulnerabilities, and to educate their members and local organisations. But they also conduct research and develop education programs.

This independence means CERTs can create tools and services that are vendor-agnostic. Many CERTs have their own development teams that can create tools to detect and eradicate emerging threats and distribute them quickly.   

One area where CERTs can make a massive difference is in the world of threat intelligence. The constituencies served by all the world’s different CERTs are hungry for a better understanding of today’s threat environment, how it is changing and what can be done to counter new risks. CERTs service this need as they collect intelligence and share information and expertise globally.  That broad view enables them to gain access to the latest breaking threat intelligence information so they can issue advice. They help provide a decentralised safety net to protect Australian digital assets.  

Summary

CERTs are the cybersecurity industry’s best kept secret. They act locally but cooperate globally to help organisations counter cyber threats, support recovery from incidents and educate organisations around the world so they can better protect their digital assets. They have come a long way from their humble beginnings in universities’ forgotten labs.

Ivano Bongiovanni
Dr. Ivano Bongiovanni is the General Manager of AUSCERT, Australia's first computer emergency response team (CERT) and one of the oldest CERTs in the world. With more than 20 years in cyber security and risk management, Dr. Bongiovanni also holds a position as Senior Lecturer in Information Security, Governance, and Leadership. Prior to this, Dr. Bongiovanni was a Research Fellow at the University of Glasgow and PwC Chair in Digital Economy. Dr. Bongiovanni commenced his career as a Police Officer with the Italian Ministry and was the Deputy Venue Security Manager at the Turin 2006 Winter Olympic and Paralympic Games, where he delivered the Venue Security Plan and coordinated security services for the Main Media Centre, the Olympic Stadium (opening ceremony) and the Paralympic Village. He holds a PhD in Risk Management in international airports.