When new malware is released onto the Internet at the speed of email, incident response teams need to act fast. In order to keep the malicious code from spreading to too many hosts and to help users with infected systems get back on their feet, a quick response is mandatory. Read along to find out what CERT is in security and how it can help you fight cybercriminals and defend your company’s networks.

What Is CERT in Security?

According to Tech Target, CERT, which stands for Computer Emergency Response Team, “is a group of information security experts responsible for the protection against, detection of, and response to an organization’s cybersecurity incidents.”

In short, the answer to what is CERT in security is quite simple: CERT is the human counterpart to anti-virus software. When new malware or other threats are discovered, computer emergency response teams investigate these issues and work to fix them. Since these teams consist of people who can quickly react to new situations, they are much more experienced in dealing with new security threats than antivirus programs would be by themselves.

When CERT comes upon a new threat, the team continuously works to create a remedy for it. They often work closely with antivirus software companies to establish virus definitions and solutions, and also with other software vendors to help plug up any security holes that allowed the virus to spread.

When it comes to virus response, there are several stages we need to discuss.

#1. Threat reporting

Most virus response groups’ websites have sections that allow people to send them samples of viruses they have received or other information on system vulnerabilities. The faster people share information about the threat, the faster the response team can act on it. Other groups, like CERT/CC, ask users to encrypt system vulnerability information before sending it, to keep it from falling into the wrong hands.

#2. Threat review

After receiving information about a virus or security hole, response teams begin reviewing it to determine how dangerous it is and how difficult it will be to fix. In the process of reviewing a new virus, CERT can build a virus profile or definition, which it can then post on its website in order to spread awareness about the virus.

#3. Recovery tool implementation

Finally, after assessing a virus and building a profile, CERT can then work on implementing a recovery tool for that particular threat. Since these tools are individually built in response to specific viruses, they are generally much more effective against particular new threats than general anti-virus software, which attempts to protect against all viruses.

A Brief History of CERT

CERT was formed in November 1988, after Robert Tappan Morris, a Cornell University graduate student, released an Internet worm on the campus of the Massachusetts Institute of Technology (MIT) in an attempt to disguise its origin.

Several researchers from the academic and government community came together to contain the worm, and shortly after that, the Defense Advanced Research Projects Agency of the U.S. government funded the development of the CERT Coordination Center (CERT/CC).

Although it started as a computer emergency response team, it has since grown to assume a much broader role. Therefore, when we discuss what is CERT in security, “CERT” is no longer an acronym.

The Morris Worm was never intended to be destructive but rather was written to highlight software security flaws in Berkeley Software Distribution (BSD) variants of UNIX. Ironically enough, according to Tech Target, the worm itself had a software flaw that caused it to replicate itself much faster than intended, causing the machines it infected to slow or stop under the demands of the worm, which contributed to the worm’s discovery.

Beyond the damage it caused, there were also three lasting effects from its release:

  • The creation of the CERT/Coordination Center at the Software Engineering Institute (SEI).
  • Robert Tappan Morris became the first person to be tried and convicted under the Computer Fraud and Abuse Act (CFAA) of 1986.
  • The worm stimulated the thinking and research into critical infrastructure protection.

Since its creation, the CERT Coordination Center has become one of the world’s leading computer security institutes. With the creation of CERT/CC, the Internet has grown from an estimated 60,000 computers in 1998 to over one billion hosts advertised in the domain name system (DNS) as of January 2020.

The Role of CERT in Information Security

According to its website, CERT goals include the following:

1. To provide a capability to quickly and effectively coordinate communication among experts during security emergencies in order to prevent future attacks.

2. To build awareness of security issues across the Internet community.

In addition, CERT also guides and synchronizes with other computer security incident response teams worldwide. Numerous response teams with “CERT” in their name have expanded and are now part of the Forum of Incident Response and Security Teams (FIRST), of which CERT was a founding member. They all work independently toward a common goal of computer security. These teams include AFCERT (Air Force CERT), AUSCERT (Australian Computer Emergency Response Team), BCERT (Boeing CERT), and many more.

In addition to CERT and the organizations that constitute FIRST, many private software companies also have divisions that play a similar role.

Wrapping It Up…

Nowadays, a very short timeline between outbreak and containment is common with computer viruses. Although response teams are very quick to respond to new viruses, many users get infected in that short period of time. What’s more, despite all the available recovery tools, many systems still become infected, as many people are unaware of these tools and/or do not update their antivirus software.

Computer Emergency Response Teams can be a stroke of luck to those who look to them for help but can only do as much as people allow them to. Without the awareness and cooperation of all computer users, viruses will continue to spread.

Drop a line below if you have any comments, questions, or suggestions regarding the topic of what is CERT in security – we are all ears and can’t wait to hear your opinion!

Author Profile

Cezarina Dinu

Head of Marketing Communications & PR

Cezarina is the Head of Marketing Communications and PR within Heimdal® and a cybersecurity enthusiast who loves bringing her background in content marketing, UX, and data analysis together into one job. She has a fondness for all things SEO and is always open to receiving suggestions, comments, or questions.