home | O'Reilly's CD bookshelfs | FreeBSD | Linux | Cisco | Cisco Exam  

Practical UNIX & Internet Security

Practical UNIX & Internet SecuritySearch this book
Previous: F.2 U. S. Government Organizations Appendix F
Next: G. Table of IP Services

F.3 Emergency Response Organizations

The Department of Justice, FBI , and U.S. Secret Service organizations listed below investigate violations of the federal laws described in Chapter 26, Computer Security and U.S. Law . The various response teams that comprise the Forum of Incident and Response Security Teams ( FIRST ) do not investigate computer crimes per se, but provide assistance when security incidents occur; they also provide research, information, and support that can often help those incidents from occurring or spreading.

F.3.1 Department of Justice (DOJ)

Criminal Division
General Litigation and Legal
Advice Section
Computer Crime Unit
Department of Justice
Washington, DC 20001
Voice: +1-202-514-1026

F.3.2 Federal Bureau of Investigation (FBI)

National Computer Crimes Squad
Federal Bureau of Investigation
7799 Leesburg Pike
South Tower, Suite 200
Falls Church, VA 22043
Voice: +1-202-324-9164

F.3.3 U.S. Secret Service (USSS)

Financial Crimes Division Electronic Crime
Branch U.S. Secret Service Washington, DC 20001 Voice:

F.3.4 Forum of Incident and Response Security Teams (FIRST)

The Forum of Incident and Response Security Teams ( FIRST ) was established in March 1993. FIRST is a coalition that brings together a variety of computer security incident-response teams from the public and private sectors, as well as from universities. FIRST 's constituents comprise many response teams throughout the world. FIRST 's goals are to:

  • Boost cooperation among information technology users in the effective prevention of, detection of, and recovery from computer security incidents

  • Provide a means to alert and advise clients on potential threats and emerging incident situations

  • Support and promote the actions and activities of participating incident response teams, including research and operational activities

  • Simplify and encourage the sharing of security-related information, tools, and techniques

FIRST sponsors an annual workshop on incident response that includes tutorials and presentations by members of response teams and law enforcement.

FIRST incorporated in mid-1995 as a nonprofit entity. One consequence of this is a migration of FIRST Secretariat duties away from NIST . However, as this book goes to press, the Secretariat can still be reached at:

FIRST Secretariat
Forum of Incident and Response Security Teams
National Institute of Standards and Technology
A-216 Technology Building
Gaithersburg, MD 20899-0001
Phone: +1-301-975-3359
Email: first-sec@first.org


At the time this book went to press, FIRST consisted of the organizations that are listed below (also provided is a description of the constituencies served by each of the organizations). Check online for the most up-to-date list of members.

If you have a security problem or need assistance, first attempt to determine which of these organizations most clearly covers your operations and needs. If you are unable to determine which (if any) FIRST group to approach, call any of them for a referral to the most appropriate team.

Most of these response teams have a PGP key with which they sign their advisories or enable constituents to report problems in confidence. A copy of the PGP keyring is kept as:


Most teams have arrangements to monitor their phones 24 hours a day, 7 days a week.

F.3.4.1 All Internet sites

Organization: CERT Coordination Center
Email: cert@cert.org
Telephone: +1-412-268-7090
FAX : +1-412-268-6989 FTP:
WWW: http://www.sei.cmu.edu/technology/trustworthy.html

Note: The CERT (sm) Coordination Center (CERT-CC)
is the organization that grew from the computer emergency response
team formed by the Advanced Research Projects Agency (ARPA) in November
1988 (in the wake of the Internet Worm and similar incidents). The
CERT charter is to work with the Internet community to facilitate
its response to computer security events involving Internet hosts,
to take proactive steps to raise the community's awareness
of computer security issues, and to conduct research into improving
the security of existing systems. Their WWW and FTP archive contain
an extensive collection of alerts about past (and current) security

F.3.4.2 ANS customers

Organization: Advanced Network & Services, Inc. (ANS)
Email: anscert@ans.net
Voice: +1-313-677-7333
FAX: +1-313-677-7310

F.3.4.3 Apple Computer worldwide R&D community

Organization: Apple COmputer REsponse Squad:Apple CORES
Email: lsefton@apple.com
Voice: +1-408-974-5594 FAX: +1-408-974-4754

F.3.4.4 Australia: Internet .au domain

Organization: Australian Computer Emergency Response Team (AUSCERT)
Email: auscert@auscert.org.au
Voice: +61-7-3365-4417
FAX: +61-7-3365-4477
WWW: http://www.auscert.org.au

F.3.4.5 Bellcore

Organization: Bellcore
Email: sb3@cc.bellcore.com
Voice: +1-908-758-5860
FAX: +1-908-758-4504

F.3.4.6 Boeing

Organization: Boeing CERT (BCERT)
Email: compsec@maple.al.boeing.com
Voice: +1-206-657-9405
After Hours: +1-206-655-2222
FAX: +1-206-657-9477

Note: All Boeing computing and communication assets for all
Boeing Divisions headquartered in Seattle, Washington, with major
out plant operations in Wichita, Kansas; Philadelphia, Pennsylvania;
Huntsville, Alabama; Houston, Texas; Winnipeg, Canada; and worldwide
customer interface offices.

F.3.4.7 Italy: Internet sites

Organization: CERT-IT
Email: cert-it@dsi.unimi.it
Telephone: +39-2-5500-391
Emergency Phone: +39-2-5500-392
FAX: +39-2-5500-394

F.3.4.8 CISCO Systems

Organization: Network Security Council
Email: karyn@cisco.com
Telephone: +1-408-526-5638
FAX: +1-408-526-5420

F.3.4.9 Digital Equipment Corporation and customers

Organization: SSRT (Software Security Response Team)
Email: rich.boren@cxo.mts.dec.com
Voice: +1-800-354-9000
Emergency Phone: +1-800-208-7940
FAX: +1-901-761-6792

F.3.4.10 DOW USA

Organization: DOW USA
Email: whstewart@dow.com
Voice: +1-517-636-8738
FAX: +1-517-638-7705

F.3.4.11 EDS and EDS customers worldwide

Organization: EDS
Email: jcutle01@novell.trts01.eds.com
Voice: +1-313-265-7514
FAX: +1-313-265-3432

F.3.4.12 France: universities, Ministry of Research and Education in France, CNRS, CEA, INRIA, CNES, INRA, IFREMER, and EDF

Organization: RENATER
Email: morel@urec.fr
Voice: +33-1-44-27-26-12
FAX: +33-1-44-27-26-13

F.3.4.13 General Electric

Organization: General Electric Company
Email: sandstrom@geis.geis.com
Voice: +1-301-340-4848
FAX: +1-301-340-4059

F.3.4.14 Germany: DFN-WiNet Internet sites

Organization: DFN-CERT (Deutsches Forschungsnetz)
Email: dfncert@cert.dfn.de
Telephone: +49-40-54715-262
FAX: +49-40-54715-241
FTP: ftp://ftp.cert.dfn.de/pub
WWW: http://www.cert.dfn.de

Note: The DFN-CERT maintains an extensive online archive of
tools, advisories, newsletters and information from other teams
and organizations. It also maintains a directory of European response

F.3.4.15 Germany: government institutions

Organization: BSI/GISA
Email: fwf@bsi.de
Telephone: +49-228-9582-444
FAX: +49-228-9852-400

F.3.4.16 Germany: Southern area

Organization: Micro-BIT Virus Center
Email: ry15@rz.uni-karlsruhe.de
Voice: +49-721-37-64-22
Emergency Phone: +49-171-52-51-685
FAX: +49-721-32-55-0

F.3.4.17 Hewlett-Packard customers

Organization: HP Security Response Team
Email: security-alert@hp.com

F.3.4.18 JP Morgan employees and customers

Organization: JP Morgan Incident Response Team
Telephone: +1-212-235-5010

F.3.4.19 MCI Corporation

Organization: Corporate System Security
Email: 6722867@mcimail.com
Telephone: +1-719-535-6932
FAX: +1-719-535-1220

F.3.4.20 MILNET

Response Team; DDN (Defense Data Network)
Email: scc@nic.ddn.mil
Voice: +1-800-365-3642
FAX: +1-703-692-5071

F.3.4.21 Motorola, Inc. and subsidiaries

Response Team Motorola Computer Emergency Response Team (MCERT)
Email: mcert@mot.com
Voice: +1-847-576-1616
Emergency Phone: +1-847-576-0669
FAX: +1-847-538-2153

F.3.4.22 NASA: Ames Research Center

Organization: NASA Ames
Email: hwalter@nas.nasa.gov
Telephone: +1-415-604-3402
FAX: +1-415-604-4377

F.3.4.23 NASA: Goddard Space Flight Center

Organization: Goddard Space Flight Center
Email: hmiddleton@gsfcmail.nasa.gov
Telephone: +1-301-286-7233
FAX: +1-301-286-2923

F.3.4.24 NASA: NASA-wide

Organization: NASA Automated Systems Incident Response Capability
Email: nasirc@nasirc.nasa.gov
Voice: +1-800-762-7472 (U.S.)
After Hours: +1-800-759-7243, pin 2023056
FAX: +1-301-441-1853

F.3.4.25 Netherlands: SURFnet-connected sites

Organization: CERT-NL
Email: cert-nl@surfnet.nl
Telephone: +31-302-305-305
FAX: +31-302-305-329

F.3.4.26 NIST (National Institute of Standards and Technology)

Organization: NIST/CSRC
Email: jwack@nist.gov
Telephone: +1-301-975-3359
FAX: +1-301-948-0279

F.3.4.27 NORDUNET: Denmark, Sweden, Norway, Finland, Iceland

Organization: Nordunet
Email: ber@sunet.se
Telephone: +46-8-790-6513
FAX: +46-8-24-11-79

F.3.4.28 Northwestern University

Organization: NU-CERT
Email: nu-cert@nwu.edu
Telephone: +1-847-491-4056
FAX: +1-847-491-3824

F.3.4.29 Pennsylvania State University

Organization: Penn State
Email: krk5@psuvm.psu.edu
Voice: +1-814-863-9533
After Hours: +1-814-863-4375
FAX: +1-814-865-3082

F.3.4.30 Purdue University

Organization: PCERT
Email: pcert@cs.purdue.edu
Voice: +1-317-494-7844
After Hours: +1-317-743-4333, pin 4179
FAX: +1-317-494-0739

F.3.4.31 Small Business Association (SBA): small business community nationwide

Organization: SBA CERT
Email: hfb@oirm.sba.gov
Voice: +1-202-205-6708
FAX: +1-202-205-7064

F.3.4.32 Sprint

Organization: Sprint DNSU
Email: steve.matthews@sprint./sprint.com
Voice: +1-703-904-2406
FAX: +1-703-904-2708

F.3.4.33 Stanford University

Response Team: SUNSet - Stanford University Network Security Team
Email: security@stanford.edu
Telephone: +1-415-723-2911
FAX: +1-415-725-1548

F.3.4.34 Sun Microsystems customers

Organization: Sun Microsystem's Customer Warning System (CWS)
Email: security-alert@sun.com
Voice: +1-415-688-9151
FAX: +1-415-688-8674

F.3.4.35 SWITCH-connected sites

Organization: SWITCH-CERT
Email: cert-staff@switch.ch
Telephone: +41-1-268-1518
FAX: +41-1-268-1568
WWW: http://www.switch.ch/switch/cert
is The Swiss Academic and Research Network

F.3.4.36 TRW network area and system administrators

Computer Emergency Response Committee for Unclassified Systems
Email: zorn@gumby.sp.trw.com
Voice: +1-310-812-1839, 9-5PM, PST
FAX: +1-310-813-4621

F.3.4.37 UK: Defense Research Agency

Organization: Defense Research Agency, Malvern
Email: shore@ajax.dra.hmg.gb
Telephone: +44-1684-895425
FAX: +44-1684-896113

F.3.4.38 U.K. JANET network

Organization: JANET-CERT
Email: cert@cert.ja.net
Telephone: +44-01235-822-302
Fax: +44-01235-822-398

F.3.4.39 UK: other government departments and agencies

Organization: CCTA Email: cbaxter.esb.ccta@gnet.gov.uk
Voice: +44-0171-824-4101/2
FAX: +44-0171-305-3178

F.3.4.40 Unisys internal and external users

Organization: UCERT
Email: garb@po3.bb.unisys.com
Voice: +1-215-986-4038
FAX: +1-212-986-4409

F.3.4.41 U.S. Air Force

Organization: AFCERT
Email: afcert@afcert.csap.af.mil
Voice: +1-210-977-3157
FAX: +1-210-977-4567

F.3.4.42 U.S. Department of Defense

Organization: ASSIST
Email: assist@assist.mil
Voice: +1-800-357-4231 (DSN 327-4700)
FAX: +1-703-607-4735 (DSN 327-4735)

F.3.4.43 U.S. Department of Energy sites, Energy Sciences Network (ESnet), and DOE contractors

Organization: CIAC (Computer Incident Advisory Capability)
Email: ciac@llnl.gov
Voice: +1-510-422-8193
FAX: +1-510-423-8002
FTP: ftp://ciac.llnl.gov/pub/ciac
WWW: http://ciac.llnl.gov

Note: The CIAC maintains an extensive online archive of tools,
advisories, newsletters, and other information.

F.3.4.44 U.S. Department of the Navy

Organization: NAVCIRT (Naval Computer Incident Response Team)
Email: ldrich@fiwc.navy.mil
Voice: +1-804-464-8832
Pager: +1-800-SKYPAGE, pin # 5294117

F.3.4.45 U.S. Veteran's Health Administration

Organization: Veteran's Health Incident Response Security Team
Email: frank.marino@forum.va.gov
Telephone: +1-304-263-0811, ext 4062
FAX: +1-304-263-4748

F.3.4.46 Westinghouse Electric Corporation

Response Team (W)CERT
Email: Nicholson.M%wec@dialcom.tymnet.com
Voice: +1-412-642-3097
FAX: +1-412-642-3871

Previous: F.2 U. S. Government Organizations Practical UNIX & Internet Security Next: G. Table of IP Services
F.2 U. S. Government Organizations Book Index G. Table of IP Services