CIRT (noun)

Rick Howard: The word is: CIRT

Rick Howard: Spelled: C for cyber, I for incident, R for response, and T for teams.

Rick Howard: Definition: A team responsible for responding to and managing cybersecurity incidents involving computer systems and networks in order to minimize the damage and to restore normal operation as quickly as possible.

Rick Howard: Example sentence: The CIRT worked to break the intrusion kill chain of the Scattered Spider attack campaign

Rick Howard: Origin and context: A Cyber Incident Response Team, CIRT with an I, is similar to a Computer Emergency Response Team, CERT with an E, and a Security Operation Center or SOC. In some cases, security pundits use the terms interchangeably. In general though, a CERT, with an E, coordinates incident response for a community, like a specific country or industry sector. A CIRT, with an I, coordinates intimate response across multiple functions within one organization like IT, legal, and public relations. A SOC is a central location within an organization where a group of security analysts monitor and respond to security-related data from many different sources.

Rick Howard: The idea of a centralized incident response team began in the aftermath of the famous Morris Worm of 1988. A first year computer science graduate student at Cornell University. Robert Tappan Morris, created and launched the worm. It was the first of its kind to cause as much damage as it did by impacting 10% of the existing internet. It also resulted in the first felony conviction in the U.S. under the 1986 Computer Fraud and Abuse Act, and prompted DARPA, the Defense Advanced Research Projects Agency, to fund the establishment of the CERT, with an E, coordination center at Carnegie Mellon University

Rick Howard: Nerd reference: On the Fox TV show 24 that ran from 2001 to 2010, counter-terrorism agent Jack Bauer played by Keifer Sutherland races against the clock to subvert terrorist plots. Back in the CIRT, with an I, Chloe O'Brian played by Mary Lynn Rajskub, manages the tech within the operations center. Back in those days, security vendor CISCO was famous for placing its products on TV shows and movies. This scene opens with a shot of the CISCO product Security Response System showing on one of the operating system monitors. Its alert is that there is a network traffic spike.

Mary Lynn Rajskub: How did this happen?

Mary Lynn Rajskub: Mr. Buchanan, the network security module lit up, someone on the outside is trying to jam our satellite servers. 

Keifer Sutherland: Could this just be a high network loan? 

Mary Lynn Rajskub: No, it's definitely denial of service attempt. What do you want me to do? 

Keifer Sutherland: Did it do any damage yet? 

Mary Lynn Rajskub: No, the CISCO system is self defending. 

Keifer Sutherland: All right. Have one of your people.

Rick Howard: Did you catch that?

Rick Howard: Chloe said that there is no damage yet because the CISCO system is self defending. How cool is that? Now the screen shows that the CISCO Security Response System has prevented a security intrusion.

Mary Lynn Rajskub: Self defending. 

Keifer Sutherland: All right. Have one of your people use a security auditor tool? Maybe it'll lead us to my one's network.

Mary Lynn Rajskub: That was my point from the start.

Rick Howard: Did you catch that too? Chloe's boss just told her to use the CISCO auditing tool. And for those keeping score in just under 45 seconds. CISCO had their product mentioned on four separate occasions, brilliant.

Rick Howard: Word Notes is written by Tim Nodar, executive produced by Peter Kilpe, and edited by John Petrik and me, Rick Howard. The mix, sound design, and original music have all been crafted by the ridiculously talented Elliott Peltzman. Thanks for listening.