CSIRTs and CERTs

The first security incident that negatively affected the operation of the then Internet by shutting down approximately 10% of all connected devices is called the Moriss worm. The worm was launched on the Internet in 1988 by Robert Morris, a student at Cornell University in the United States. This incident started an era of creating and spreading computer viruses, worms, Trojan horses and other similar “electronic vermin”, collectively referred to as malware. And it was this experience that started the discussion on the security of networks and services at the end of the 1980s, in order to subsequently formulate the basic principles of defence, prevention and protection of the transmission of sensitive data.

In response to the Moriss worm, the first CERT team was formed at Carnegie Mellon University (CMU) in the USA. This first ad-hoc CERT was designed to examine the Moriss worm, find an effective defence, and propose a solution to the predicament. In the end, the most valuable result of the team's work was to find that the most important thing was to be prepared in advance for a security breach and launch a predefined and tested defence and recovery rescue plan at the time of the problem, and not just begin to examine what needs to be done and what steps. The result of the work of this first CERT thus started the era of building a global infrastructure of teams of this type.

Carnegie Mellon University has registered the abbreviation CERT as a trademark, and although it is not opposed to its use by other organisations in this context (an organisation wishing to use the abbreviation on behalf of its team must apply for permission to use the abbreviation and usually receive it), this was the reason for the emergence and introduction of the second concept of CSIRT.