U.S., Aussie security centers sign pact

The Computer Emergency Response Teams in the United States and Australia combine forces to develop better tools and techniques to defend the nations' networks.

Robert Lemos Staff Writer, CNET News.com
Robert Lemos
covers viruses, worms and other security threats.
Robert Lemos
2 min read
Two groups that disseminate and analyze information about computer-security incidents in the United States and Australia announced Tuesday they will work together to develop better tools and techniques for protecting corporate and national networks.

The network-security information clearinghouses, known as Computer Emergency Response Teams, or CERTs, have worked together in the past on an informal basis, said Jeffrey Carpenter, manager of the U.S. CERT Coordination Center at Carnegie Mellon University.

"It is not the first time we have ever had an agreement with a response team in another country," he said. "However, in the past, those agreements have been for a specific task."

CERT and AusCERT plan to release joint advisories and work together on creating new tools and techniques to combat threats to the Internet.

The announcement follows the panic caused by the emergence of the fast-spreading Internet worm known as Code Red more than a month ago, which apparently first infected a server at a university in China. In fact, almost 40 percent of the incidents that CERT handles each year become international problems.

The international nature of computer security threats means response centers must also work across national borders, said Carpenter.

"Incident activity is not limited to the U.S. border," he said. "It is important for us to have formal agreements with organizations in other countries."

Sponsored by the Department of Defense and the General Services Administration as well as several member companies, the CERT Coordination Center has become a key information exchange for companies and organization worried about their network security.

CERT's main duties include collecting information about vulnerabilities, analyzing that information and prioritizing the findings. The group also analyzes incident data collected by several government agencies.

While this is the first formal agreement between such groups, there will be more, said Carpenter.

"We are looking to sign agreements with response teams with other countries," he said.