Carnegie Mellon response team has battled computer virus attacks since 1988
Pittsburgh’s prominent and growing role as a national center for cybersecurity started with a chance encounter more than 25 years ago.
On Nov. 2, 1988, researchers at the Defense Advanced Research Projects Agency, or DARPA, were ending the workday when calls started coming in from across the country. Something was slowing computer connections on the early Internet — moving freely, guessing passwords to break into systems, accessing files and quickly replicating.
About 60,000 people were connected to the infant web in those days, and many knew each other. The idea had been to build a network for military operations and research that could withstand attacks on any one or two individual computers.
But as the so-called Morris worm spread, questions about security quickly arose. The first computer virus had been unleashed.
“The network was growing, and the mutual trust that everybody enjoyed was really giving way to a more real-world environment of large numbers of people, some of whom might do damaging things,” said Bill Scherlis, one of the DARPA researchers who fielded the phone calls.
For 72 hours, he and researcher Stephen Squires answered queries and coordinated efforts at the University of California at Berkeley and the Massachusetts Institute of Technology to identify the worm and stop it. The worm hit about 6,000 computers.
When they finished, both men agreed they never wanted to do something like that again. With the growing size of the Internet, though, they realized similar attacks likely would keep coming.
Scherlis wrote a memo to the agency head, recommending they establish a National Computer Infection Action Team.
The idea stuck, even if the somewhat awkward name never did.
Twelve days after the Morris incident, on Nov. 14, 1988, Craig Fields, DARPA’s deputy director for research, ran into Larry Druffel, then head of the Software Engineering Institute at Carnegie Mellon University. The men agreed to start the computer response team in Pittsburgh.
On Dec. 6 of that year, DARPA announced the formation of the Computer Emergency Response Team, a name later changed to just CERT. Its job would be to respond to security threats to the network, coordinate research, seek and repair software vulnerabilities, and make Internet users more aware of security needs.
“The recent events serve as a warning that our necessarily increasing reliance on computers and networks, while providing important new capabilities, also creates new kinds of vulnerabilities,” the Department of Defense agency said in a news release.
That night, researchers in Pittsburgh received their first emergency call, said Richard Pethia, the original CERT director who still holds the job.
A federal laboratory on the West Coast discovered someone breaking into its computers. The operators needed help figuring out where the intruders were entering and why. The project took 10 days. Pethia declined to give details because of the secrecy involved.
Like medicine and higher education, cybersecurity took root in Pittsburgh just as the steel mills were closing. It took off. For Pethia, a graduate of Beaver County’s Freedom Area Senior High School and the University of Pittsburgh in Oakland, the meaning of the industry’s local success resonates.
Organizers always believed CERT could not stand alone; others like it would be needed to deal with all of the threats. Now, 316 computer response teams exist in 69 countries. More come online all the time.
“I don’t think any of us imagined how huge it was going to become,” Pethia said. “From a security standpoint, we’re really sort of sitting in the middle of a cyber ‘perfect storm.’ ”
Humans have a huge and growing dependence on globally connected systems, he said. Software and devices are not engineered to withstand constant attacks. And the number of capable hackers keeps growing.
The concept of a cyber 9/11 or Pearl Harbor bothers Scherlis, who worked at CMU before joining DARPA in Arlington, Va., and returned to the Pittsburgh campus after seven years. Attacks happen all the time, he said, and each can be devastating for victims.
“If you want to think in terms of ships being sunk, we’ve had many ships that sunk,” Scherlis said. “… There’s just a constant barrage of assaults, and each one has its own story.
“I think we really have to take on this challenge of: ‘How can we build systems that are secure enough that we can do our business and not feel vulnerable all the time?’ ”
Andrew Conte is a Trib Total Media staff writer. He can be reached at 412-320-7835 or [email protected].