|Headquarters||DHS Ballston Facility, 1110 N Glebe Rd, Arlington, VA 22201|
|Annual budget||$93 million (2013)|
|Parent agency||Cybersecurity and Infrastructure Security Agency|
The United States Computer Emergency Readiness Team (US-CERT) is an organization within the Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA). Specifically, US-CERT is a branch of the Office of Cybersecurity and Communications' (CS&C) National Cybersecurity and Communications Integration Center (NCCIC).
US-CERT is responsible for analyzing and reducing cyber threats, vulnerabilities, disseminating cyber threat warning information, and coordinating incident response activities.
The division brings advanced network and digital media analysis expertise to bear on malicious activity targeting the networks within the United States and abroad.
Amit Yoran (Tenable, CEO), DHS's first Director of the National Cyber Security Division created the United States Computer Emergency Readiness Team (US-CERT) in September 2003 to protect the Internet infrastructure of the United States by coordinating defense against and responding to cyber-attacks. The first Director of the US-CERT was Jerry Dixon (CrowdStrike, CISO); with the team initially staffed with cybersecurity experts that included Mike Witt (NASA, CISO), Brent Wrisley (Punch Cyber, CEO), Mike Geide (Punch Cyber, CTO), Lee Rock (Microsoft, SSIRP Crisis Lead), Chris Sutton (Department of Justice, Assistant CIO), Jay Brown (USG, Senior Exec Cyber Operations), Mark Henderson (IRS, Online Cyber Fraud), Josh Goldfarb (Security Consultant), Mike Jacobs (Treasury, Director/Chief of Operations), Rafael Nunez (DHS/CISA), Ron Dow (General Dynamics, Senior Program Mgr), Sean McAllister (Network Defense Protection, Founder), Kevin Winter (Deloitte, CISO-Americas), Todd Helfrich (Attivo, VP), Monica Maher (Goldman Sachs, VP Cyber Threat Intelligence), Reggie McKinney (VA) and several other talented cybersecurity experts. In January 2007, Mike Witt was selected as the US-CERT Director, who was then followed by Mischel Kwon (Mischel Kwon and Associates) in June 2008. When Mischel Kwon departed in 2009, a major reorganization occurred which created the National Cybersecurity and Communications Integration Center (NCCIC).
US-CERT is the 24-hour operational arm of the NCCIC which accepts, triages, and collaboratively responds to incidents, provides technical assistance to information system operators, and disseminates timely notifications regarding current and potential security threats, exploits, and vulnerabilities to the public via its National Cyber Awareness System (NCAS).
US-CERT operates side-by-side with the Industrial Control Systems Computer Emergency Response Team (ICS-CERT) which deals with security related to industrial control systems. Both entities operate together within NCCIC to provide a single source of support to critical infrastructure stakeholders.
There are five operational aspects which enable US-CERT to meet its objectives of improving the nation’s cybersecurity posture, coordinate cyber information sharing, and proactively manage cyber risks while protecting the constitutional rights of Americans.
Threat Analysis and information sharing
This feature conducts technical analysis on data provided from partners, constituents, and monitoring systems to understand the nature of attacks, threats, and vulnerabilities, as well as develop tips, indicators, warnings, and actionable information to further US-CERT’s CND mission.
This feature conducts digital forensic examinations and malware artifact analysis (reverse engineering) to determine attack vectors and mitigation techniques, identifies possible threats based on analysis of malicious code and digital media, and provides indicators to mitigate and prevent future intrusions.
This feature informs the CND community on potential threats which allows for the hardening of cyber defenses, as well as, develops near real-time/rapid response community products (e.g., reports, white papers).
When a critical event occurs, or has been detected, Operations will create a tailored product describing the event and the recommended course of action or mitigation techniques, if applicable, to ensure constituents are made aware and can protect their organization appropriately.
This feature supports NCCIC information sharing, development, and web presence. It is responsible for establishing and maintaining assured communications, developing and disseminating information, products, and supporting the development and maintenance of collaboration tools.
This feature partners with foreign governments and entities to enhance the global cybersecurity defense posture. It supports bilateral engagements, such as CERT-to-CERT information sharing/trust building activities, improvements related to global collaboration, and agreements on data sharing standards.
A January 2015 report by Senator Tom Coburn, ranking member of the Committee on Homeland Security and Governmental Affairs, expressed concern that "[US-CERT] does not always provide information nearly as quickly as alternative private sector threat analysis companies".
- Alert (TA15-337A)
- CERT Coordination Center
- Einstein (US-CERT program)
- National Infrastructure Security Co-ordination Centre
- DHS (2013). FY 2013 Budget in Brief (PDF) (Report).
- "About the National Cybersecurity and Communications Integration Center". Retrieved September 4, 2013.
- "US-CERT Infosheet Version 2" (PDF). Retrieved September 4, 2013.
- "US-CERT About Us". Retrieved September 4, 2013.
- "More Information about the Industrial Control Systems Cyber Emergency Response Team". Archived from the original on October 6, 2013. Retrieved September 4, 2013.
- "US-CERT Home Page". Retrieved September 4, 2013.
- Coburn, Tom. (January 2015). "A Review of the Department of Homeland Security's Missions and Performance". hsgac.senate.gov. Retrieved December 20, 2015.
- Official website
- NCCIC National Cybersecurity and Communications Integration Center
- ICS-CERT Industrial Control Systems Computer Emergency Response Team
- Forum of Incident Response and Security Teams - Members