A Technical History of the SEI
Teams (FIRST), which was formed in 1989 and now boasts 289 members worldwide (as of January 2013). 29

In the early years, the CERT/CC staff responded to every incident report and worked closely with individuals reporting incidents. This activity enabled the staff to understand the practices involved in incident response and determine how to make them repeatable. Upon noticing that many people made the same mistakes, the center began writing “tech tips” and checklists (an early tech tip was a UNIX security checklist). By the mid-1990s, the CERT/CC had accumulated enough knowledge and experience to codify processes and teach others how to do incident response, resulting in the first training courses and a handbook for CSIRTs [West-Brown 2003]. 30 The CERT/CC also assisted in the establishment of response teams; for example, CERT experts helped the Army with structure, organizational listing, and training for ACERT, the Army’s incident response team. After working at the organization level, the CERT/CC moved to the national level and the nation’s special technical needs. The center played a significant role in the creation and continued evolution of US-CERT, the national CSIRT for the United States, and Q-CERT, the national CSIRT of Qatar. As industry capacity grew, the CERT/CC focused more on codifying best practices and growing capacity.

The View from Others

Since CERT was formed it has been a great help to me and my several employers since that time. I wish to thank you for your great work!
– a physicist working in a government institute of science

Thanks to all of you – you’re doing a great service to the information security community. Keep up the good work!
– an information security officer

These online docs were very useful. In fact the checklist was how we found the network sniffer….
– a user of the Intruder Detection Checklist

CERT/CC staff now helps loosely coordinate national CSIRTs, supporting central points such as Information Sharing and Analysis Centers (ISACs), and providing operational coordination for critical infrastructure/key resource (CIKR) led by the DHS and DoD. The CERT/CC holds an annual technical meeting that helps it effectively share knowledge and tools. Its location at the SEI and Carnegie Mellon enables it to serve as a neutral, trusted, third party to coordinate responses to high-impact incidents across geographic, national, political, and economic boundaries. The CERT/CC is concentrating on threats that affect national and economic security, with a focus on government and critical infrastructure and on threats from the most serious adversaries, especially threats that do not yet have a commercial solution. The center seeks ways to identify threats and remediate them, concentrating on the technological cutting edge.

29 Information and a list of members are available at http://www.first.org.
30 Additional materials for CSIRTs are at http://www.cert.org/incident-management/csirt-development/index.cfm.

CMU/SEI-2016-SR-027 | SOFTWARE ENGINEERING INSTITUTE | CARNEGIE MELLON UNIVERSITY 167
Distribution Statement A: Approved for Public Release; Distribution is Unlimited.