What is a CERT, anyway?

This week marks the anniversary of the Morris Worm, the first well-known internet ‘worm’. To mark the occasion, we’re taking a look back at the history of CERTs, to give you a better understanding of what we do and why we do it.

6 November 2020

The history of CERTs

Back in 1988 the internet looked very different to the way it does now. It was a place mostly used by the US academic and research institutions. 

This was the year when the Morris Worm came into being.  Worms weren’t anything new. However the Morris Worm  (named after its creator Robert Tappan Morris), which worked by exploiting weak passwords for computer networks and email, was the first to cause major problems that ended up affecting 10% of internet connected networks.

Removing the virus and getting everything back to normal amongst communities and networks was a long process. Affected computers ran slowly and in some cases became completely unusable.

There was, however, a silver lining. It sparked a realisation that there was a need for a cohesive community response when emergencies like this happen; including how to deal with vulnerabilities and fixes, as well as a focal point for security measures and awareness.

From this the first CERT (Computer Emergency Response Team) was created at Carnegie Mellon University.

CERTs comes in different shapes and sizes

There are different types of CERTs worldwide that do different things. For example, some CERTs oversee cyber security for a country’s government and/or critical infrastructure (such as transport or power), or there are CERT teams that look after cyber security for a particular organisation, sector or products.

To be effective, the global cyber security community has built formal and informal networks to share incident information and best practice.

CERT NZ is pretty unique

As one of the younger CERTs CERT NZ brought something new to the table when we were established in 2017 by being one of the first CERTs in the world that is here for everyone, not just the government or critical infrastructures. This means that we support everyone in the country (everyday Kiwis, businesses and other government agencies) by identifying cyber security issues and helping people to resolve them, and work to build a cyber-resilient New Zealand.

We have also championed making cyber security information accessible to everyone, regardless of their level of understanding, by creating easy-to-understand advice.

We provide support to people experiencing cyber security issues and work with them to tackle the incident. This include providing advice on taking actions that someone has control over, like resetting a password, so they can protect themselves and their information.  We also take steps that are outside the person’s control to try and remedy the remaining issues, such as working with hosting providers and registrars to take down malicious websites.  

We’re extremely proud of our collaborative work across the New Zealand cyber ecosystem with our partner agencies such as NZ Police, NetSafe, DIA, NSCA, NCPO and Internet NZ – to name just a few. We also work closely with our international counterparts to prevent and respond to cyber security incidents, and share information. This work helps us gain a comprehensive understanding of the cyber threat landscape and the impact of threats to help New Zealanders be more cyber resilient.

The same goal

Despite the differences in CERTs and increasingly complexity in cyber issues, the fundamentals of every CERT remain the same.

All CERTs exist to support their community by providing:

  • Incident response to cyber security issues
  • Coordination within an organisation and community to sharing intelligence and be able to pre-warn people about incidents.
  • Information sharing within trusted groups. It’s the CERT’s job to identify problems and solve them. They need a close relationship with their local community, Internet Service Providers and network operators in order to do this.