A CERT is a team of security experts and IT professionals. They participate in the resolution of specific security incidents, provide solution approaches or warn of security vulnerabilities. Another name for Computer Emergency Response Team is CSIRT (Computer Security Incident Response Team).
What is a CERT?
The abbreviation CERT stands for “Computer Emergency Response Team”. The term CSIRT (Computer Security Incident Response Team) is often used synonymously.
In a CERT, IT specialists and security experts work on solving specific security incidents. This may be necessary, for example, when new types of viruses spread, servers are attacked in a targeted manner, or new security vulnerabilities are published. A Computer Emergency Response Team may also warn of security vulnerabilities or provide preventive solutions to IT security threats.
Computer Emergency Response Teams can be formed for and serve public authorities, companies, research institutions, banks, large corporations, or other organizations, as well as private individuals. In Germany, there is a citizen CERT and a CERT-Bund.
The main tasks of a CERT for companies
A Computer Emergency Response Team that works specifically for companies has the following main tasks. On the preventive side, the CERT takes care of measures to detect attacks and to defend against them, and it gives early warning of security vulnerabilities.
Reactively, the Computer Emergency Response Team has the task of responding appropriately to incidents and problems such as attacks. Appropriate measures are meant to prevent damage and to stop security-related incidents from spreading further.
A Computer Emergency Response Team also has tasks in the area of security quality management, which is intended to improve security within the company. The various findings are continuously incorporated into the company’s risk management.
The CERT-Bund is the Computer Emergency Response Team for the federal authorities. It is responsible for reactive and preventive measures in the event of security-relevant incidents involving IT systems.
It prepares and publishes recommendations for action, points out security gaps and vulnerabilities, provides remediation actions, recommends reactive actions, and collaborates with the IT Situation Center and the IT Crisis Response Center.
Services primarily available to federal agencies are:
- 24-hour on-call response
- Analysis of reported incidents
- Preparation of recommendations
- Operation of an information and warning service
- Active alerting of the federal administration
- Support in the event of security incidents in the federal IT landscape
Computer Emergency Response Teams at European level
At the European level, the CSIRT task force promotes the creation and cooperation of various CERTs. To build a relationship of trust between Computer Emergency Response Teams, a formal audit and accreditation of European CERTs took place. ENISA (European Network and Information Security Agency) supports the activities through so-called TRANSITS courses (Training of Network Security Incident Teams Staff).