Amit Yoran, DHS's first Director of the National Cyber Security Division created the United States Computer Emergency Readiness Team in September 2003 to protect the Internet infrastructure of the United States by coordinating defense against and responding to cyber-attacks. The first US-CERT Director was Jerry Dixon ; with the team initially staffed with cybersecurity experts that included Mike Witt, Brent Wrisley, Mike Geide, Lee Rock, Chris Sutton, Jay Brown, Mark Henderson, Josh Goldfarb, Mike Jacobs, Rafael Nunez, Ron Dow, Sean McAllister, Kevin Winter, Todd Helfrich, Monica Maher, and Reggie McKinney. US-CERT is the 24-hour operational arm of the NCCIC which accepts, triages, and collaboratively responds to incidents, provides technical assistance to information system operators, and disseminates timely notifications regarding current and potential security threats, exploits, and vulnerabilities to the public via its National Cyber Awareness System. US-CERT operates side-by-side with the Industrial Control SystemsComputer Emergency Response Team which deals with security related to industrial control systems. Both entities operate together within NCCIC to provide a single source of support to critical infrastructure stakeholders.
Capabilities
There are five operational aspects which enable US-CERT to meet its objectives of improving the nation’s cybersecurity posture, coordinate cyber information sharing, and proactively manage cyber risks while protecting the constitutional rights of Americans.
Threat Analysis and information sharing
This feature is involved with reviewing, researching, vetting and documenting all Computer Network Defense attributes which are available to US-CERT, both classified and unclassified. It helps promote improved mitigation resources of federal departments and agencies across the Einstein network by requesting deployment of countermeasures in response to credible cyber threats. This feature conducts technical analysis on data provided from partners, constituents, and monitoring systems to understand the nature of attacks, threats, and vulnerabilities, as well as develop tips, indicators, warnings, and actionable information to further US-CERT’s CND mission.
Digital analytics
This feature conducts digital forensic examinations and malware artifact analysis to determine attack vectors and mitigation techniques, identifies possible threats based on analysis of malicious code and digital media, and provides indicators to mitigate and prevent future intrusions.
Operations
This feature informs the CND community on potential threats which allows for the hardening of cyber defenses, as well as, develops near real-time/rapid response community products. When a critical event occurs, or has been detected, Operations will create a tailored product describing the event and the recommended course of action or mitigation techniques, if applicable, to ensure constituents are made aware and can protect their organization appropriately.
Communications
This feature supports NCCIC information sharing, development, and web presence. It is responsible for establishing and maintaining assured communications, developing and disseminating information, products, and supporting the development and maintenance of collaboration tools.
International
This feature partners with foreign governments and entities to enhance the global cybersecurity defense posture. It supports bilateral engagements, such as CERT-to-CERT information sharing/trust building activities, improvements related to global collaboration, and agreements on data sharingstandards.
