SEI Press Release
Media Contact Information
Software Engineering Institute Opens CERT® Analysis Center
December 1, 1999
PITTSBURGH-The Software Engineering Institute (SEI), a federally funded research and development center operated by Carnegie Mellon University, will open the CERT Analysis Center this month. The CERT Analysis Center will address the threat presented by rapidly evolving, technologically advanced forms of cyber attacks. The CERT Analysis Center will expand the work of the CERT Coordination Center (CERT/CC), established at the SEI in 1988 as the world’s first computer emergency response team for Internet security incidents, and widely acknowledged as a world leader in the rapidly expanding field of computer security. Working with its sponsors and associates, the new center will collect and analyze information-assurance data and use it to develop higher leverage responses to vulnerabilities and threats. By identifying vulnerability root causes and developing classification schemes, the new center will facilitate the development of methods and tools that eliminate entire classes of vulnerabilities instead of addressing only specific instances of a class.
Society is increasingly dependent on critical-infrastructure systems for business, government, and defense. This dependency carries increasing risks from system intrusions and compromises that have potentially catastrophic and far-reaching consequences. As societal functions and human progress itself become enmeshed with network technologies, the consequences assume national and even international scope and importance. Current ad-hoc methods in information assurance are insufficient to deal with these escalating consequences.
- Organizations react to vulnerabilities and threats after they are discovered, with little systematic analysis.
- Lessons learned in previous security episodes are quickly forgotten when the next emergency arises.
- Tools and techniques are often specific to particular vulnerabilities and threats and must be continually updated to deal with each new problem as it occurs.
- Attack trends are characterized in only the broadest way, and there is little predictive value in the characterizations.
The center’s mission is to improve information assurance through a program of research based on the collection and analysis of data relevant to information assurance. Results of analysis and research activities will be available to private-sector and government organizations through ongoing programs of technology transition, publication, education, and training. Through detailed analysis of attacks and attack patterns, a system of indications and warnings will be developed to identify problems before they have broad impact. In addition, the new center will conduct an ongoing series of studies and surveys to assess the state of the practice of information assurance and to develop metrics and risk indicators that organizations can use to reduce their risks.
Information technologists, drawn from government, industry, and academia, will collaborate in the new center to develop high-quality solutions to increasingly complex information-assurance problems. With the support of Carnegie Mellon University and the SEI’s Department of Defense sponsor, the CERT Analysis Center will remain closely connected to the research resources and culture of the SEI, building on the SEI’s experience and accomplishments to provide high-quality services and technology to both the public and private sectors.
CERT, and CERT Coordination Center are registered in the U.S. Patent and Trademark Office.