Robotics, medical research, bridges, Heinz Ketchup, the Pittsburgh Toilet — these are the signatures of innovation in the Steel City. But buried underneath the surface of its journey from kitschy and industrial to kitschy and tech-centric is a story about the origins of the global cybersecurity industry.
Pittsburgh’s tech economy has long been recognized for its prowess in robotics and artificial intelligence, largely stemming from a strong pipeline of expertise out of local schools like Carnegie Mellon University and the University of Pittsburgh. While autonomous vehicle companies and autonomous mobile robot providers alike have found ways to profit off of those opportunities, there’s a bedrock of a wider range of technical know-how still waiting to be leveraged into commercial possibilities.
Enter cybersecurity: an industry that was (arguably) born in Pittsburgh.
As the story goes, it all started with CERT, formerly an acronym for the computer emergency response team. The division was founded within CMU’s Software Engineering Institute in 1988 as a response to the internet vulnerabilities exposed by the Morris worm, the country’s first major internet attack.
“In the early hours of response to the Morris worm, you had a number of people working at DARPA at the time — the Defense Advanced Research Projects Agency — who had either ties to the SEI or to Carnegie Mellon School of Computer Science,” Bill Wilson, current deputy director of the CERT Division, told Technical.ly.
Those DARPA employees reached out to CMU contacts, “and they quickly kind of cobbled together a foundation and framework to begin to work with and build a community to as quickly as possible first, mitigate and solve the vulnerability underlying the Morris worm,” Wilson said. But really, the purpose was to respond to what had been a sort of “technical wakeup call” in the realm of internet security. From the outset, it was always clear that CERT would be a new kind of organization in tech, something to “work with a network of vendors and researchers to as best as possible, analyze and identify the [new internet] vulnerabilities and then rally the community to…