As many of you are aware, a few months ago the CERT Coordination Center
(CERT/CC) announced a new partnership with the Department of Homeland Security's National Cyber Security Division (NCSD) to form a response system for our nation and the Internet infrastructure. While this new partnership, known as US-CERT, has been low key, we have been working aggressively to upgrade our capabilities.
We are pleased to announce significant changes to CERT Advisories that will not only maintain the accuracy and fairness that are the hallmarks of CERT Advisories, but will also provide more information about more topics than before. Beginning January 28, 2004, CERT Advisories will become a core component of US-CERT's Technical Cyber Security Alerts. Significant changes behind the scenes will allow us to provide additional content, in a more timely fashion, to a larger audience.
US-CERT alerts will include not only the content historically produced by CERT/CC staff, but will also integrate additional content contributed by other organizations from both the public and private sectors. We will maintain the same high quality control standards, edit content for security and privacy, and work to ensure technical accuracy as well as timeliness.
In addition, US-CERT is pleased to announce the availability of three new
1. For non-technical professionals, small office and home office users,
individuals, and others who prefer less technical descriptions of
problems, we will be producing a non-technical version of Technical
Cyber Security Alerts when appropriate. This version, known as a Cyber
Security Alert, will allow us to provide more appropriate advice to
both technical and non-technical readers.
2. Also for non-technical professionals, small office and home office
users, individuals and others, US-CERT is pleased to announce Cyber
Security Tips. Tips will be produced every other week and will be short
documents that provide background and education, for home users and
others, that can help prevent problems from occurring in the first
3. Finally, for technical professionals, we are pleased to announce Cyber
Security Bulletins. Bulletins will be produced every other week and
will summarize notable information from the past two weeks, including
topics covered in Cyber Security Alerts and other sources.
If you are a subscriber to this list, you will automatically receive the technical version of US-CERT alerts (the Technical Cyber Security Alert) through this list. No action is necessary on your part. If you are not a subscriber to the CERT Advisory mailing list and wish to receive these alerts, you must subscribe to the new US-CERT mailing list.
If you are interested in receiving any of the other three document types, you must subscribe to those mailing lists separately. Please visit http://www.us-cert.gov/cas/index.html
for further information.
We appreciate your continued support in securing the Internet and the worldwide information infrastructure. We have included a set of anticipated questions and their answers below.
Frequently Asked Questions about the convergence of CERT Advisories and US-CERT alerts
Q: You mentioned "significant changes behind the scenes." What are you
A: Some of these changes include new laboratory and testing facilities,
enhanced communications networks, and access to additional technical
expertise. Most importantly, the new changes include the formation of
strong partnerships with US-CERT across industry and government to take
advantage of the tremendous wealth of information and expertise that
exist. The original descriptions of CERT/CC, laid out more than 15
years ago, our operating history, and the National Strategy to Secure
Cyberspace envisioned just such partnerships.
Q: Why are you making these changes to CERT Advisories?
A: We have taken great care to be accurate, fair, and honest about the
security risks you face, and we feel a tremendous professional
obligation to bring you the best, most trustworthy advice we can to
help you protect your systems. We believe that these changes are
necessary to ensure that we can provide you with the best information
possible to protect your systems against the evolving threats we face.
Q: Does this mean government is taking over the CERT/CC?
A: No. The CERT/CC has always received the vast majority of its funding
from the US Government, and US-CERT alerts will continue to be produced
using the same philosophies as we have in the past, but with more
timely content from more sources and for more topics.
Q: Who will have access to the mailing lists?
A: The CERT Advisory mailing list will remain in the exclusive possession
of Carnegie Mellon University, where the CERT/CC is located, and will
not be disclosed to others. The new US-CERT mailing list will be
similarly managed with strict security controls in place and will not
be used for any purpose other than sending alerts and other messages,
and list maintenance.
Q: Why are you continuing to operate both lists?
A: We are operating both lists for a period of time to preserve the
privacy expectations of the subscribers to the CERT Advisory mailing
list and to allow network administrators sufficient time to make
appropriate adjustments to filters and redistribution engines.
Q: What content will be sent to the lists?
A: Each list will receive identical content through March 2004. During
this time, subscribers to the CERT Advisory mailing list will receive
US-CERT Technical Cyber Security Alerts from
. After that, these mailings will be received
Q: What will happen to the CERT Advisory mailing list?
A: No new subscriptions will be accepted after January 28, 2004, and the
list will eventually be discontinued. We will run both lists for a
period of time, but operating both lists over the long term creates
confusion and management complexity. Subscribers to the CERT Advisory
mailing list will be advised well in advance of the termination date
for that list.
Q: How will US-CERT alerts be signed?
A: They will be signed with the US-CERT key, available online at