
Carnegie Mellon response team has battled computer virus attacks since 1988

Sunday, Feb. 15, 2015, 10:40 p.m.
Richard Pethia, who heads the CERT division of Carnegie Mellon University’s Software Engineering Institute, has held the job since the computer emergency response team formed in 1988.

Pittsburgh's prominent and growing role as a national center for cybersecurity started with a chance encounter more than 25 years ago.

On Nov. 2, 1988, researchers at the Defense Advanced Research Projects Agency, or DARPA, were ending the workday when calls started coming in from across the country. Something was slowing computer connections on the early Internet — moving freely, guessing passwords to break into systems, accessing files and quickly replicating.

About 60,000 people were connected to the infant web in those days, and many knew each other. The idea had been to build a network for military operations and research that could withstand attacks on any one or two individual computers.

But as the so-called Morris worm spread, questions about security quickly arose. The first computer virus had been unleashed.

“The network was growing, and the mutual trust that everybody enjoyed was really giving way to a more real-world environment of large numbers of people, some of whom might do damaging things,” said Bill Scherlis, one of the DARPA researchers who fielded the phone calls.

For 72 hours, he and researcher Stephen Squires answered queries and coordinated efforts at the University of California at Berkeley and the Massachusetts Institute of Technology to identify the worm and stop it. The worm hit about 6,000 computers.

When they finished, both men agreed they never wanted to do something like that again. With the growing size of the Internet, though, they realized similar attacks likely would keep coming.

Scherlis wrote a memo to the agency head, recommending they establish a National Computer Infection Action Team.

The idea stuck, even if the somewhat awkward name never did.

Twelve days after the Morris incident, on Nov. 14, 1988, Craig Fields, DARPA's deputy director for research, ran into Larry Druffel, then head of the Software Engineering Institute at Carnegie Mellon University. The men agreed to start the computer response team in Pittsburgh.

On Dec. 6 of that year, DARPA announced the formation of the Computer Emergency Response Team, a name later changed to just CERT. Its job would be to respond to security threats to the network, coordinate research, seek and repair software vulnerabilities, and make Internet users more aware of security needs.

“The recent events serve as a warning that our necessarily increasing reliance on computers and networks, while providing important new capabilities, also creates new kinds of vulnerabilities,” the Department of Defense agency said in a news release.

That night, researchers in Pittsburgh received their first emergency call, said Richard Pethia, the original CERT director who still holds the job.

A federal laboratory on the West Coast discovered someone breaking into its computers. The operators needed help figuring out where the intruders were entering and why. The project took 10 days. Pethia declined to give details because of the secrecy involved.

Like medicine and higher education, cybersecurity took root in Pittsburgh just as the steel mills were closing. It took off. For Pethia, a graduate of Beaver County's Freedom Area Senior High School and the University of Pittsburgh in Oakland, the meaning of the industry's local success resonates.

Organizers always believed CERT could not stand alone; others like it would be needed to deal with all of the threats. Now, 316 computer response teams exist in 69 countries. More come online all the time.

“I don't think any of us imagined how huge it was going to become,” Pethia said. “From a security standpoint, we're really sort of sitting in the middle of a cyber ‘perfect storm.’ ”

Humans have a huge and growing dependence on globally connected systems, he said. Software and devices are not engineered to withstand constant attacks. And the number of capable hackers keeps growing.

The concept of a cyber 9/11 or Pearl Harbor bothers Scherlis, who worked at CMU before joining DARPA in Arlington, Va., and returned to the Pittsburgh campus after seven years. Attacks happen all the time, he said, and each can be devastating for victims.

“If you want to think in terms of ships being sunk, we've had many ships that sunk,” Scherlis said. “... There's just a constant barrage of assaults, and each one has its own story.

“I think we really have to take on this challenge of: ‘How can we build systems that are secure enough that we can do our business and not feel vulnerable all the time?’ ”

Andrew Conte is a Trib Total Media staff writer. He can be reached at 412-320-7835 or andrewconte@tribweb.com.
