What is a CERT?

CERT stands for Computer Emergency Response Team. It is a specialised team responsible for preventing, detecting, analysing and handling security incidents in IT and OT (Operational Technology).

CERTs are essential for the cyber resilience of organisations, sectors and countries.


🎯 What does a CERT do?

A CERT performs tasks in the following areas:

  • Incident response: investigating and resolving security incidents
  • Detection: monitoring systems for suspicious activity
  • Coordination: collaborating with other parties during large-scale attacks
  • Advice: publishing alerts, patches and best practices
  • Prevention: helping with risk analyses and awareness training

🧱 Types of CERTs

| Type of CERT | Application area |
|---|---|
| NCSC | National CERT for government and critical infrastructure |
| GovCERT | CERT for central government (now merged into NCSC) |
| Sector CERTs | For specific sectors such as healthcare, education or energy |
| CSIRT (synonym) | Often used as an alternative term for CERT |
| In-house CERT | Within large organisations such as banks, energy companies, etc. |

🔁 In OT environments, CERT tasks are often combined with OT-specific knowledge, for example of ICS, SCADA or PLC systems.


🏭 CERTs in an OT context

In industrial networks, CERTs are involved in:


🔄 CERT vs. CSIRT

The terms CERT and CSIRT (Computer Security Incident Response Team) are often used interchangeably. In practice they perform the same role: responding to security incidents. The difference is mainly historical and organisational.


📌 In summary

A CERT is a specialised team that detects, investigates and resolves incidents, playing an essential role in protecting IT and OT environments. It works together with other teams, such as the NCSC, to limit and prevent digital damage.