United States Computer Emergency Readiness Team
The United States Computer Emergency Readiness Team’s (US-CERT’s) mission is to improve the nation’s cyber security posture, coordinate cyber information sharing, and proactively manage cyber risks to the nation while protecting the constitutional rights of Americans.[1] US-CERT’s vision is to be a trusted global leader in cyber security - collaborative, agile, and responsive in a complex environment.
Meeting Expectations
Formed in September 2003, the United States Computer Emergency Readiness Team (US-CERT) is the 24-hour operational arm of the United States Department of Homeland Security's (DHS) National Cybersecurity and Communications Integration Center (NCCIC). DHS and the public and private sectors created US-CERT to coordinate the response to security threats from the Internet.
US-CERT accepts, triages, and collaboratively responds to incidents; provides technical assistance to information system operators; and disseminates timely notifications regarding current and potential security threats, exploits and vulnerabilities to the public via its National Cyber Awareness System (NCAS).
US-CERT Partners
US-CERT partners with private sector critical infrastructure owners and operators, academia, federal agencies, Information Sharing and Analysis Centers (ISACs), state and local partners, and domestic and international organizations to enhance the nation's cybersecurity posture.
US-CERT operates alongside the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), which deals with security related to industrial control systems. Both entities operate side by side within NCCIC to provide a single source of support to critical infrastructure stakeholders.[2]
US-CERT Supporting Branches
US-CERT consists of six supporting branches that work to meet the US-CERT mission.
Networks and Einstein Analytics
The US-CERT Network and Einstein Analytics team detects and identifies unknown and previously identified network traffic patterns and trends that signal unauthorized, threatening, or risky network activity. The team is also responsible for monitoring and vetting all Einstein alerts, and for developing and/or deploying countermeasures across Einstein in response to countermeasure requests and/or credible cyber threats to federal departments and agencies, to promote improved mitigation capabilities across the Einstein network.
The team develops, deploys, evaluates, and refines signatures across Einstein in response to signature requests, to promote improved detection capabilities across the Einstein network. It also develops, deploys, and maintains signatures that alert on known malicious indicators, and other signatures that attempt to discover malicious activity based on revealed tactics, techniques, and procedures (TTPs).
Threat Analysis & Information Sharing
The Threat Analysis & Information Sharing team is responsible for reviewing, researching, vetting, and documenting all Computer Network Defense (CND) attributes that are available to US-CERT, both classified and unclassified. The team promotes improved mitigation capabilities with federal departments and agencies across the Einstein network by requesting deployment of countermeasures across Einstein in response to credible cyber threats.
This team conducts technical analysis of data from partners, constituents, and monitoring systems to understand the nature of attacks, threats, and vulnerabilities, and develops tips, indicators, warnings, and actionable information to further the US-CERT CND mission.
Digital Analytics
The Digital Analytics team analyzes forensic information and malware artifacts (e.g., logs, code, hard drives) to determine attack vectors and mitigation techniques, identifies possible threats based on analysis of malicious code and digital media, and provides indicators to Detection & Analysis to mitigate and prevent future intrusions by those actors.
They determine the cause and effect of probable intrusions into critical national systems by malicious individuals through media or malware analysis.
Operations
The Operations team informs the CND community of potential threats to allow for the hardening of defensive postures, and develops near real-time, rapid-response community products. When a critical event occurs or has been detected, the Operations team creates a product (report) describing the event and the recommended course of action (if applicable) so that constituents are made aware and can protect their organizations as appropriate.
Communications
The Communications team supports NCCIC Operations in information sharing, development, and web presence. They enable critical functions for NCCIC such as: Reporting – communicating current and valuable information; Information Sharing – incorporating and publishing timely and actionable knowledge through trusted exchanges and environments with diverse constituents; and Collaboration – working with partners across the community of practice to continuously evolve our understanding of events and take appropriate action.
Seamless reporting, valuable information sharing, flexible collaboration, and continuous improvement are the goals the Communications team strives for on a daily basis.
International Operations
(Currently under construction)
Acronyms
| Acronym | Meaning |
|---|---|
| CND | Computer Network Defense |
| DHS | Department of Homeland Security |
| ICS-CERT | Industrial Control Systems Computer Emergency Response Team |
| ISAC | Information Sharing and Analysis Centers |
| NCAS | National Cyber Awareness System |
| NCCIC | National Cybersecurity & Communications Integration Center |
| TTP | Tactics, Techniques, and Procedures |
| US-CERT | United States Computer Emergency Readiness Team |
References
- [1] "US-CERT Home Page". Retrieved 2013-01-08.
- [2] "ICS-CERT". Retrieved 2013-01-08.
See also
- CERT Coordination Center
- Einstein (US-CERT program)
- National Infrastructure Security Co-ordination Centre
External links
- US-CERT Official website
- NCCIC National Cybersecurity and Communications Integration Center
- ICS-CERT Industrial Control Systems Computer Emergency Response Team