The CERT Coordination Center (CERT/CC), a government-funded Internet security group, said Thursday that it would begin offering to private sector companies advance notice security alerts that it had previously only shared with the government.
CERT/CC, formerly the Computer Emergency Response Team, is a federally funded research and development center based at Pittsburgh's Carnegie Mellon University that studies Internet security threats and receives approximately US$3.5 million a year from the government.
CERT/CC had previously supplied its early warning information to only the U.S. Department of Defense and the General Services Administration, but under the new plan will offer those alerts, usually 45 days before they are released to the general public, to companies that are members of the Internet Security Alliance, of which CERT/CC is a member, a CERT/CC spokesman said. CERT/CC had provided its early warnings only to the government because it is a government-funded organization, and to avoid releasing inflammatory or inaccurate information, a spokesman said.
CERT/CC joined the Internet Security Alliance because the organization had "been looking for a vehicle to allow us to work more closely with the private sector" for some time, as both public and private sector companies face the same threats, said Rich Pethia, director of CERT/CC. The alliance is open to any company and is hoping to get "good cross-sector representation" from all types of companies and from many countries, Pethia said.
Internet Security Alliance members will pay membership dues based on the company's size, ranging from $2,500 to $70,000. Companies contributing at the highest level will receive seats on the alliance's executive board, Pethia said. Other members will receive benefits such as data analysis and training and education in addition to security bulletins, he said. Alerts will still be made generally available, as they had been previously, after the 45-day period has passed.
The Internet Security Alliance was formed in partnership with the Electronic Industries Alliance, an umbrella trade group of electronics groups which boasts a membership of 2,100 companies. The Internet Security Alliance has a dozen members already, including the NASDAQ Stock Market Inc., VeriSign Inc. and Mellon Financial Corp.