
1. INTRODUCTION
Computer emergency response teams (CERT) are expert
groups that handle computer security incidents. Alternative
names for such groups include computer emergency
readiness team and computer security incident response
team (CSIRT).

The name "Computer Emergency Response Team" was first
used by the CERT Coordination Center (CERT-CC)
at Carnegie Mellon University (CMU). The abbreviation CERT
of the historic name was picked up by other teams around
the world. Some teams took on the more specific name of
CSIRT to point out the task of handling computer security
incidents instead of other tech support work, and because
CMU was threatening to take legal action against individuals
or organisations who referred to any other team than
CERT-CC as a CERT. After the turn of the century, CMU relaxed its
position, and the terms CERT and CSIRT are now used
interchangeably.

The history of CERTs is linked to the
existence of malware, especially computer
worms and viruses. Whenever a new technology arrives, its
misuse is not long in following. The first worm in
the IBM VNET was covered up.

Computer emergency response teams are the human
counterparts to anti-virus software. When new viruses or
computer security threats are discovered, these teams
document these problems and work to fix them. Because
these teams are made up of people who can react to new
situations, they are much more capable of dealing with new
virus threats than anti-virus programs would be by
themselves. When the computer security experts that make
up the response teams discover a new dangerous virus,
they work around the clock to create a remedy for it. They
often work closely with anti-virus software companies to
establish virus definitions and solutions, and they work with
other software makers to help plug up any security holes
that allowed the virus to propagate itself.

BACKGROUND

CERT was the original computer emergency response team.
It was formed in November 1988, after Morris released his
Internet worm. A collection of researchers from the
academic and government community came together to
contain the worm, and shortly after that, the Defense
Advanced Research Projects Agency of the U.S. government
funded the development of the CERT Coordination Center
(CERT/CC). Though it started out simply as a computer
emergency response team, it has since grown to assume a
much broader role, and "CERT" is no longer considered to be
an acronym.

WHAT IS A CYBER ATTACK?

A cyber attack is an attack initiated from a computer
against a website, computer system or individual computer
(collectively, a computer) that compromises the
confidentiality, integrity or availability of the computer or
information stored on it. Cyber attacks take many forms,
including:

Gaining, or attempting to gain, unauthorized access to
a computer system or its data.

Unwanted disruption or denial of service attacks,
including the take down of entire web sites.

2. OBJECTIVES OF CERT
According to CERT's website, its goals include the following:

1. Establish a capability to quickly and effectively coordinate
communication among experts during security emergencies
in order to prevent future incidents.

2. Build an awareness of security issues across the Internet
community.

In addition to handling reports of computer viruses and
security holes, CERT/CC also trains and coordinates with
other computer security incident response teams across the
U.S. and the globe. Many other response teams with "CERT"
in their name have sprung up and are part of the Forum of
Incident Response and Security Teams (FIRST), of which
CERT/CC was a founding member. They all work
independently toward a common goal of computer security.
These teams include AFCERT (Air Force CERT), AUSCERT
(Australian Computer Emergency Response Team), BCERT
(Boeing CERT), and many more. SUNSeT, the Stanford
University Network Security Team, is also a member of
FIRST.

In addition to CERT/CC and the organizations that make up
FIRST, many private anti-virus software companies also
have divisions that play the role of the emergency response
team.

3. THE PROCESS OF RESPONDING TO A NEW THREAT

When a new virus is released onto the Internet at the speed
of email, incident response teams need to act fast. Quick
response is necessary in order to keep the virus from
spreading to too many hosts and to help users with infected
systems get back on their feet.

The first stage of virus response is the reporting of threats.
The web sites of most virus response groups have sections
that allow people to send them samples of viruses they
have received or other information on system
vulnerabilities. These groups depend on the assumption
that concerned computer users will send them this
information early on in the virus's life cycle. The faster that
people tell them about the threat, the faster they can
respond. Some groups, such as CERT/CC, ask users to
encrypt system vulnerability information before sending it,
to keep it from falling into the wrong hands.

After receiving information about a virus or security hole,
response teams then begin reviewing it to determine how
dangerous it is and how difficult it will be to fix. In the
process of reviewing a new virus, groups can build a virus
profile or definition, which they can then post on their web
site in order to spread awareness about the virus. For every
significant virus it reviews, the research team at Symantec
(which also produces Norton Anti-Virus software) puts
together a detailed profile which includes assessments on
how much damage the virus causes, how fast it can
replicate and distribute itself, and how widespread it is.
Some teams, like the team at www.sophos.com, also put up
profiles of virus hoaxes when they receive virus alerts
that they determine to be inaccurate.

Finally, after a response team has assessed a virus and built
a profile, it can then work on building a recovery tool for
that virus. A recovery tool looks for a specific virus, removes
it from the system if it is found, then attempts to repair any
damage that the virus may have caused. Because recovery
tools are individually built in response to specific viruses,
they are generally much more effective against particular
new threats than general anti-virus software, which
attempts to protect against all viruses.

Of course, recovery tools are only useful to people whose
systems have already been infected. They are useful for
helping people recover, but insufficient when it comes to
containing the virus. For this reason, the virus definitions
built by response teams during the review phase are
eventually included in updates to anti-virus programs, so
that people can protect their systems from being
compromised in the first place.

4. COMPARATIVE STUDY OF CERT

U.S.A.

U.K.

INDIA

COMPUTER EMERGENCY RESPONSE TEAM IN U.S.A.

In early 2000, Federal Government networks began to
experience an alarming number of cyber breaches. In
response, Congress created the Federal Computer Incident
Response Center (FedCIRC) at the General Services
Administration as a centralized hub of coordination and
information sharing between federal organizations. With the
creation of the Department of Homeland Security in 2002,
Congress transferred these responsibilities to the new
Department. In 2003, FedCIRC was renamed US-CERT, and
its mission was expanded to include providing boundary
protection for the federal civilian executive domain and
cybersecurity leadership. This shared responsibility has
evolved over time to make US-CERT a trusted partner and
authoritative source in cyberspace for the Federal
Government; SLTT governments; private industry; and
international organizations. US-CERT strives for a safer,
stronger Internet for all Americans by responding to major
incidents, analysing threats, and exchanging critical
cybersecurity information with trusted partners around the
world.

There are five operational aspects which enable US-CERT to
meet its objectives of improving the nation's cybersecurity
posture, coordinating cyber information sharing, and
proactively managing cyber risks while protecting the
constitutional rights of Americans.

Threat Analysis and information sharing

This feature is involved with reviewing,
researching, vetting and documenting all Computer Network
Defense (CND) attributes which are available to US-CERT,
both classified and unclassified.

It helps promote improved mitigation resources of federal
departments and agencies across the Einstein network by
requesting deployment of countermeasures in response to
credible cyber threats.

This feature conducts technical analysis on data provided
from partners, constituents, and monitoring systems to
understand the nature of attacks, threats,
and vulnerabilities, as well as develop tips, indicators,
warnings, and actionable information to further US-CERT's
CND mission.

Digital analytics

This feature conducts digital forensic examinations
and malware artifact analysis (reverse engineering) to
determine attack vectors and mitigation techniques,
identifies possible threats based on analysis of malicious
code and digital media, and provides indicators to mitigate
and prevent future intrusions.

Operations

This feature informs the CND community on potential
threats, which allows for the hardening of cyber defenses, and
develops near real-time/rapid response community
products (e.g., reports, white papers).

When a critical event occurs, or has been detected,
Operations will create a tailored product describing the
event and the recommended course of action or mitigation
techniques, if applicable, to ensure constituents are made
aware and can protect their organization appropriately.

Communications

This feature supports NCCIC information sharing,
development, and web presence. It is responsible for
establishing and maintaining assured communications,
developing and disseminating information and products, and
supporting the development and maintenance
of collaboration tools.

International

This feature partners with foreign governments and entities
to enhance the global cybersecurity defense posture. It
supports bilateral engagements, such as CERT-to-CERT
information sharing/trust building activities, improvements
related to global collaboration, and agreements on data
sharing standards.

Information Sharing and Analysis Centers (ISACs) were
established to allow sectors to share information and work
together in an effort to protect our critical infrastructures.

US-CERT 2012 Accomplishments


Transitioned to a key role as a fully integrated element of
the National Cybersecurity and Communications Integration
Center (NCCIC) providing critical information and analysis
feeds needed to perform their mission;

Provided key support to public and private sector partners
to respond to and mitigate current cyber intrusions and
cyber risks;

Developed the Advanced Malware Analysis Center (AMAC)
to analyze malware threat data;

Improved and expanded our outreach to our domestic
public and private sector partners to share indicators and
coordinate responses to domestic cyber events.

POSITION OF CERT IN U.K.

A CERT provides a central hub for information to help those
with responsibility for Computer Security. Individual CSIRTs
tend to be more focused on an implementation area such as
Military, Business, Academia or government.

The point of an organisation like UKCERT is that it can act
independently, as its roots are in an academic university
background. In the UK, there are CERT-like organisations
for academia, government and the army. UKCERT is independent of a
controlling organisation and as such has been able to react
in an independent manner.

UKCERT's technicians check new releases and publish
technical guidelines on how to secure software packages
and operating systems to consensus levels. As an open
forum, UKCERT enlists the expertise of its membership to the
common advantage.

The Minister for the Cabinet Office and Paymaster General,
Matt Hancock, has confirmed today that the UK's new
national cyber centre, announced by the Chancellor in
November, will be called the National Cyber Security Centre
(NCSC).

The UK faces a growing threat of cyber-attacks from states,
serious crime gangs, hacking groups as well as terrorists.

The NCSC will help ensure that the people, public and
private sector organisations and the critical national
infrastructure of the UK are safer online.

It will bring the UK's cyber expertise together to transform
how the UK tackles cyber security issues.

It will be the authoritative voice on information security in
the UK and one of its first tasks will be to work with the
Bank of England to produce advice for the financial sector
for managing cyber security effectively.

In setting up the NCSC we will adopt structured consultation
with the private sector. Our objectives are to raise
awareness of government intent; undertake genuine
dialogue that shapes service delivery; demonstrate serious
commitment to listen; and develop sustainable engagement
channels.

CERT in India

What is CERT-IN?

CERT-In (the Indian Computer Emergency Response Team) is
a government-mandated information technology (IT)
security organization. The purpose of CERT-In is to respond
to computer security incidents, report on vulnerabilities and
promote effective IT security practices throughout the
country.

CERT-In was created by the Indian Department of
Information Technology in 2004 and operates under the
auspices of that department. According to the provisions of
the Information Technology Amendment Act 2008, CERT-In is
responsible for overseeing administration of the Act.

CERT organizations throughout the world are independent
entities, although there may be coordinated activities
among groups. The first CERT group was formed in the
United States at Carnegie Mellon University.

Legal Recognition Of CERT-IN
Section 70B empowers the Indian Computer Emergency
Response Team as a national focal point for gathering
information on threats and facilitating the Central
Government's response to computer-based incidents.
The role of CERT-IN in the area of cyber security
includes:
a) Collection, analysis and dissemination of
information on cyber incidents;
b) Forecast and alerts of cyber security incidents;
c) Emergency measures for handling cyber security
incidents;

By virtue of sub-section (6), CERT-IN may call for information
and give direction to the service provider, intermediaries,
data centers, body corporate and any other person to carry
out the provisions of sub-section (4); if these bodies fail to provide
the required information, they shall be punishable with
imprisonment for a term which may extend to one year or
with fine which may extend to one lakh rupees or both.

Moreover, under sub-section (8), no court is empowered to
take cognizance of any offence under this section, except
on complaint made by an officer authorised in this behalf by
the agency referred to in sub-section (1).

5. CONCLUSION
Since IT is spreading so fast, more machinery and
cooperation are required. Other statutes must be framed
in order to tackle the cyber threat. By incorporating
sections 66F, 70, 70A and 70B, the lawmakers have filled
in the most crucial missing links in the legal apparatus.
Cyber terrorism is a reality, and so is cyber security. If
the former is to be checkmated, one needs the latter. Many
different countries are working collaboratively and
cooperatively. India too is working with other countries
to check the cyber threat.
