SEI Press Release
Media Contact Information
CERT Coordination Center® (CERT®/CC) Celebrates Ten Years
This week, Carnegie Mellon University celebrates the 10th anniversary of the CERT Coordination Center (CERT/CC). Ten years ago, the U.S. Department of Defense (DoD) chartered the CERT/CC at Carnegie Mellon’s Software Engineering Institute (SEI), a federally funded research and development center sponsored by the DoD. Since then, the CERT/CC has made major contributions to ensuring the integrity and survivability of the networks that are increasingly critical to our nation's defense as well as its prosperity.
For example, late in 1997, the CERT/CC began seeing increased intruder activity involving a vulnerability that allowed intruders to gain control of a site’s systems. With information from non-DoD sites, vendors, and international response teams noting similar activity, CERT/CC staff gathered data on the threat to users and preventative measures. As a result, they issued an advisory warning the DoD and other readers of the problem and telling them where to find the “patches” necessary to protect their systems from this type of attack. Unfortunately, despite the CERT/CC advanced warning, a number of sites around the world were successfully attacked, including a number of .mil sites (the basis for the highly publicized Solar Sunrise investigation). Without the CERT advisory, however, the cumulative effect of this attack would have been far greater. Although a number of .mil sites were compromised, a significant portion were unaffected, having taken the necessary steps to update their systems when the vulnerability was first made known.
It was 10 years ago in October that a young college student wrote a “worm program” that caused a geometric explosion of copies of itself to be written at computers all around the Internet. As a result, 10% of the U.S. computers connected to the Internet effectively stopped at about the same time. This program—the first Internet security incident to make headline news—was the wake-up call for network security. In response, the CERT/CC was established at the SEI. Its charter was to work with the Internet community to respond to computer security events, raise awareness of computer security issues, and prevent security breaches.
The need for the CERT/CC has grown along with the growth of the Internet. Each year, the U.S. government and U.S. commerce grow increasingly dependent on networked systems. Along with the rapid increase in the size of the Internet and its use for critical functions, there have been progressive changes in intruder techniques, increased amounts of damage, increased difficulty of detecting an attack, and increased difficulty of catching the attackers. In their first year of operation, CERT/CC staff members responded to 6 incidents; in 1997, they responded to 2,134 incidents, and in the first three quarters of 1998, they have responded to 2,497 incidents. The CERT/CC has grown from 3 staff members in 1988 to 50 staff members in 1998, with an expanded program that includes security improvement and research in addition to incident response.CERT and CERT Coordination Center are registered in the U.S. Patent and Trademark Office.