September 15, 2003 1:52 PM PDT
Feds set up cyberfighting group
The federal body said Monday that it was partnering with Carnegie Mellon University's CERT Coordination Center to create a new group that would work to prevent, monitor and respond to "cyberattacks" across the Internet. The new US-CERT group is expected to focus on giving companies, digital security groups, federal agencies and others a venue for sharing critical information about security issues.
"The recent cyberattacks--such as the Blaster worm and the Sobig virus--highlight the urgent need for an enhanced computer emergency response program that coordinates national efforts to cyberincidents and attacks," DHS Secretary Tom Ridge said in a statement.
The new organization hopes to jump-start communication between companies, security researchers, networks and other entities affected by digital security problems, many of which have historically been loath to share detailed information on break-ins by hackers, software vulnerabilities or other security problems.
A forum that allows those entities to talk directly to each other, as opposed to sharing bits of information through a central clearinghouse, has been slow to emerge--despite being long-viewed by security experts as one of the most critical needs of a computing community racing to keep up with virus-writers and mutating computer worms.
"Today most of the interaction between organizations is informal, happening on an ad-hoc basis," said Jeffrey Carpenter, manager of the Carnegie Mellon CERT center. "But I think organizations are coming to realize that they have to work together on this problem. We're much more powerful together than individually."
Monday's announcement served primarily as notice to the security community that the new US-CERT would be soliciting participation from critical network-watchers and vulnerability-trackers, ranging from government organizations to Internet service providers.
Carpenter said the new organization will likely spend the next few months signing up those partners, both in the United States and overseas, that can best provide insight into the current state of network vulnerabilities.
Carnegie Mellon's CERT center, formed after the Morris worm attack in 1988 as a clearinghouse for ongoing security bulletins and vulnerability information, has come closest to this goal to date. Funded by the U.S. Department of Defense, it has played a key role in distributing information about virulent digital infections such as the recent MSBlast worm and the Sobig viruses.
CERT has come under criticism from some in the security community for providing information about dangerous security issues first to the organizations that fund it, before releasing the same information to the community at large. Some technology professionals have recently said they now rely more heavily on the FBI-backed National Infrastructure Protection Center (NIPC).
CERT itself will continue to operate as a clearinghouse for information on viruses, worms and other security issues, while the new body will act as a forum for direct discussion and information-sharing.