Date: Fri 9 Dec 88 23:38:59-EST
From: William L. Scherlis <SCHERLIS@vax.darpa.mil>
Subject: CERT NEWS RELEASE



						No.  597-88
						(202) 695-0192 (Info.)
						(202) 697-3189 (Copies)
IMMEDIATE RELEASE	December 6, 1988	(202) 697-5737 (Public/Industry)



	DARPA ESTABLISHES COMPUTER EMERGENCY RESPONSE TEAM



The Defense Advanced Research Projects Agency (DARPA) announced today
that it has established a Computer Emergency Response Team (CERT) to
address computer security concerns of research users of the Internet,
which includes ARPANET.  The Coordination Center for the CERT is
located at the Software Engineering Institute (SEI), Carnegie Mellon
University, Pittsburgh, PA.



In providing direct service to the Internet community, the CERT will
focus on the special needs of the research community and serve as a
prototype for similar operations in other computer communities.  The
National Computer Security Center and the National Institute of
Standards and Technology will have a leading role in coordinating the
creation of these emergency response activities.



The CERT is intended to respond to computer security threats such as
the recent self-replicating computer program ("computer virus") that
invaded many defense and research computers.



The CERT will assist the research network communities in responding to
emergency situations.  It will have the capability to rapidly
establish communications with experts working to solve the problems,
with the affected computer users and with government authorities as
appropriate.  Specific responses will be taken in accordance with
DARPA policies.



It will also serve as a focal point for the research community for
identification and repair of security vulnerabilities, informal
assessment of existing systems in the research community, improvement
to emergency response capability, and user security awareness.  An
important element of this function is the development of a network of
key points of contact, including technical experts, site managers,
government action officers, industry contacts, executive level
decision-makers and investigative agencies, where appropriate.



Because of the many network, computer, and systems architectures and
their associated vulnerabilities, no single organization can be
expected to maintain an in-house expertise to respond on its own to
computer security threats, particularly those that arise in the
research community.  As with biological viruses, the solutions must
come from an organized community response of experts.  The role of the
CERT Coordination Center at the SEI is to provide the supporting
mechanisms and to coordinate the activities of experts in DARPA and
associated communities.



The SEI has close ties to the Department of Defense, to defense and
commercial industry, and to the research community.  These ties place
the SEI in a unique position to provide coordination support to the
software experts in research laboratories and in industry who will be
responding in emergencies and to the communities of potentially
affected users.



The SEI is a federally-funded research and development center,
operating under DARPA sponsorship with the Air Force Systems Command
(Electronic Systems Division) serving as executive agent.  Its goal is
to accelerate the transition of software technology to defense
systems.  Computer security is primarily a software problem, and the
presence of CERT at the SEI will enhance the technology transfer
mission of the SEI in security-related areas.



					-END-







QUESTIONS AND ANSWERS:  DARPA ESTABLISHES CERT, 12/6/88



Q: Can you provide background on earlier break-ins?



A: On November 2, 1988, thousands of computers connected to
unclassified DoD computer networks were attacked by a virus.  Although
the virus did not damage or compromise data, it did have the effect of
denying service to thousands of computer users.  The computer science
research community associated with the Defense Advanced Research
Projects Agency (DARPA), along with many other research laboratories
and military sites that use these networks, quickly responded to this
threat.  They developed mechanisms to eliminate the infection, to
block the spread of the self-replicating program, and to immunize
against further attack by similar viruses.  Software experts from the
University of California at Berkeley, with important contributions
from the Massachusetts Institute of Technology and other network
sites, rapidly analyzed the virus and developed immunization
techniques.  These same software experts also provided important
assistance in the more recent Internet intrusion of 27-28 November.



As the events unfolded, DARPA established an ad hoc operation center
to help coordinate the activities of software experts working around
the clock and to provide information to appropriate government
officials.  The operations center had three main tasks.  It
facilitated communications among the many groups affected, it ensured
that government organizations were promptly informed of developments,
and it provided initial technical analysis in DoD.  Although the
threat was contained quickly, a more maliciously designed virus could
have done serious damage.



The recent events serve as a warning that our necessarily increasing
reliance on computers and networks, while providing important new
capabilities, also creates new kinds of vulnerabilities.  The
Department of Defense considers this an important national issue that
is of major concern in both the defense and commercial sectors.  The
DoD is developing a technology and policy response that will help
reduce risk and provide an emergency reaction response.



Q: Who will be on the CERT?



A: The CERT will be a team of over 100 experts located throughout the
U.S.  whose expertise and knowledge will be called upon when needed.
When not being called upon, they will continue their normal daily
work.  As noted in the release, these experts will include: technical
experts, site managers, government action officers, industry contacts,
executive-level decision-makers and representatives from investigative
agencies.



Q: Is the CERT different from the Coordination Center that is at the
SEI?



A: Yes.  The Coordination Center will be made up of six or so people
who will serve as the communications and nerve center for the total
CERT.



Q: What kinds of actions will the CERT be able to take in response to
security threats?



A: The CERT will have no authority of its own.  It may make
recommendations that will be acted upon by DoD authorities.



Q: Is the CERT fully operational now?



A: We are in the very early stages of gathering people for the CERT.
We are first concentrating on collecting technical experts.  A staff
is in place at SEI, but details are still being worked out.



Q: Will there just be one CERT?



A: The intent is that each major computer community may decide to
establish its own CERT.  Each CERT will therefore serve only a
particular community and have a particular technical expertise.  (The
DARPA/SEI CERT will serve, for example, the research community and
have expertise in Berkeley-derived UNIX systems and other systems as
appropriate.)  The National Computer Security Center and the National
Institute of Standards and Technology will support the establishment
of the CERTs and coordinate among them.



Q: What are the special needs of the research community that their
CERT will serve?



A: The special challenge of the research community is improving the
level of computer security without inhibiting the innovation of
computer technology.  In addition, as is often DARPA's role, their
CERT will serve as a prototype to explore the CERT concept so that
other groups can learn and establish their own.



Q: Does the CERT Coordination Center have a press point of contact?



A: No.  Their function is to serve as a nerve center for the user
community.



-------



