For millennia, we humans have collectively and instinctively responded to complex incidents that threaten our common well-being. From earthquakes, wildfires, and floods to large electrical blackouts, food-supply contaminations, and product-safety recalls. Responding to and preparing for such calamities, we have evolved collective capabilities and institutions at varied levels–local, regional, sector, national, international, and global. With the wide-spread adoption of networked information technologies, cybersecurity incidents have emerged as yet another threat to our common well-being. Thirty years ago, the institutional construct of a Computer-Emergency Response Team (CERT) evolved from responses to actual incidents in the nascent Internet.
As the Chief Scientist for the CERT Division of the Software Engineering Institute at Carnegie Mellon University, I’m honored and humbled to preface this volume compiled by my esteemed colleagues, A. Armando, M. Henauer and A. Rigoni. These papers provide insights on the evolution of CERTs as long-lived yet agile institutions. Such agility is more urgently needed than ever as we observe the fast emerging and evolving threats that exploit social media, on-line human frailties, the scale of the Internet of Things, and artificial intelligence tools.
As the essence of shared national security interests, NATO serves a critical long-standing role for ensuring peace and stability in Europe and beyond. In that spirit, A. Armando, M. Henauer and A. Rigoni held a NATO-sponsored workshop on March 28–30, 2017, on “New Generation CERT: from Response to Readiness – Strategy and Guidelines” at the School of Telecommunications of the Italian Armed Forces in Italy that convened cybersecurity experts from NATO member and affiliate states. I was delighted to participate in the vigorous discussions that provided the material for this volume.
Trust, sharing, change, verify, preparedness, mission, dynamic, readiness, monitoring, exercise.
These ten words are my key impressions from the nine chapters. In Chapter 1.1, by A. Rigoni, et al., trust is fundamental to the concept of a CERT – assisting in an emergency, when organizations are vulnerable to active threats. In Chapter 1.2, by M. Maybury, sharing information is the lifeblood of a CERT, without sharing a CERT is nothing. In Chapter 2.1, by K. Wrona, et al., change in the threats, technologies, and organizational needs drive the evolution of our concepts of CERTs. In Chapter 2.2, by L. Russo, et al., verify with red teams – an imperative to realistically validate protections, procedures, and functional CERT capabilities. In Chapter 3.1, by S. Bordi, dynamic evolution defines each and every CERT, especially as the security operations center matures and integrates with CERT capabilities. In Chapter 3.2, by L. Ballarno et al., readiness defines the persistent state of staff in a CERT – ready to effectively respond to any computer emergency, even if previous unexperienced. In Chapter 3.3, by F. Casano et al., exercise is the essence of a “fit” and ready to respond CERT – organizations require no less. I hope you enjoy these chapters on the continued evolution of CERT’s and see how the ideas herein will shape that evolution for NATO states and affiliates.
Carnegie Mellon University Pittsburgh, USA