In the event of major cyber attack, who should you call? The answer, it turns out, is less than clear.
Ostensibly the government’s first-responder unit for cybersecurity, CERT, the Computer Emergency Response Team, in fact, does not have investigative or regulatory powers, CERT Director Randy Vickers said at a security conference this week.
“There’s been many a discussion and many questions of: ‘Who in the government do we call as it relates to cybersecurity or a cyber event?†Vickers said  I would love to sit here and say, US CERT should be your first call.”
But, as FierceGovernmentIT reports, that may not always be the case.
It turns out, a clear definition for what exactly qualifies as a major cyber event is lacking, meaning it’s not always clear when CERT should step in.
“If anybody in this room can tell me where that threshold is [for qualifying a cyber event of national significance], then you’ll probably win the new Nobel Peace Prize for cybersecurity, because that is the toughest thing to define,” Vickers said at a GovSec conference, according to a FierceGovernmentIT report.
It’s been a longstanding problem for the agency, the operational arm of the National Cyber Security Division in  the Department of Homeland Security. (
Defining CERT’s role and its authority has “been the challenge of U.S. CERT and DHS for as long as U.S. CERT has existed,” Vickers added. The cyber unit was formed in 2003 and is aligned closely with the private sector as well.
