Annual Report FY 2004

Press Releases

The SEI issued four press releases in FY 2004:

August 24, 2004
Secret Service and CERT/CC Release Findings of Insider Threat Study: Focus on Banking and Finance Sector

The U.S. Secret Service, a part of the U.S. Department of Homeland Security, and the Carnegie Mellon University Software Engineering Institute's CERT Coordination Center (CERT/CC) today announced the findings of the first Insider Threat Study report, a collaborative effort to better understand insider activities affecting information systems and data in critical infrastructure sectors. The report focuses on the people who have had access to and have perpetrated harm using information systems in the banking and finance sector, which includes credit unions and financial institutions.

July 12, 2004
Carnegie Mellon University Names Paul D. Nielsen Director of the Software Engineering Institute

U.S. Air Force Major General Paul D. Nielsen will become chief executive officer and director of Carnegie Mellon University's Software Engineering Institute effective August 1, 2004. As CEO and director, Nielsen's responsibilities will include setting a technical and business strategy for the Software Engineering Institute.

May 25, 2004
E-Crime Watch Survey, Shows Significant Increase in Electronic Crimes

The 2004 E-Crime Watch survey conducted among security and law enforcement executives by CSO magazine in cooperation with the United States Secret Service and the Carnegie Mellon University Software Engineering Institute's CERT Coordination Center, shows a significant number of organizations reporting an increase in electronic crimes (e-crimes) and network, system, or data intrusions.

October 22, 2003
Carnegie Mellon to Launch New Initiative to Ensure Cybersecurity for Domestic and Commercial Sectors

Carnegie Mellon University is scheduled today to announce an integrated initiative designed to ensure safety for every computer logon. To achieve this goal, the university will combine its existing expertise and related research centers, including the Software Engineering Institute's CERT Coordination Center, under one umbrella organization called Carnegie Mellon CyLab.

Conferences (FY2004) | SEI Published Documents

Journal Articles | Book Chapters | Proceedings | Keynote Presentations | Tutorials

Press Releases | Media Coverage | Government Testimony

Technical Leadership Positions

Media Coverage

In FY 2004, SEI staff members participated in 153 interviews with members of the news media. Staff members provided information about such topics as the Sasser worm, software process improvement, Internet Explorer vulnerabilities, the CERT/CC's partnership with US-CERT, cyber security, and various SEI technologies. A selected bibliography of articles that resulted from interviews with SEI staff members follows.

CBS News
"Vigilante Justice in Cyberspace." June 21, 2004. Viruses, worms, hackers, and data theft are costing companies money and the loss of intellectual property. The U.S.-government funded CERT Coordination Center handled 137,529 computer security incidents in 2003, up from 82,094 last year and 52,658 in 2001.

CIO Magazine
"This Year's Model: Performance Improvement Complements IT Best Practices Frameworks." July 9, 2004. This article about the different methods for measuring process improvement defines both CMM and CMMI in great detail.

"Security Supergroup." April 8, 2004. Through cooperative efforts, the CERT Coordination Center and Carnegie Mellon University have merged to create "CyLab," an information security lab that will focus on cybersecurity.

Computer Business Review Online
"Partnership Calls for Internet Early Warning System." March 19, 2004. A report by the National Cybersecurity Partnership (NCSP) recommends an early warning system to alert computer users of vulnerabilities and incidents. The NCSP said that the system should be operated by US-CERT, of which the CERT Coordination Center is an official partner.

ComputerWorld
"Sasser Outbreak Demonstrates Need for Quick Patch Response." May 7, 2004. The Sasser worm hit some companies hard while leaving others unscathed. The CERT Coordination Center's Art Manion reiterates the need for progress in preventing these vulnerabilities.

"New Cisco Switch Flaw Could Lead to DoS Attacks." April 21, 2004. After warnings of Cisco security flaws from the Department of Homeland Security and US-CERT, the CERT Coordination Center's Shawn Hernan warns that no one is safe from security vulnerabilities and offers advice for safeguarding against such vulnerabilities.

ComputerWorld Australia
"Microsoft Urges Patch Application to Fight IIS Threat." June 28, 2004. The CERT/CC's Marty Lindner is quoted on the latest Microsoft vulnerability affecting Web sites. According to Lindner, the CERT/CC found infections on about 100 Web sites of varying sizes yesterday and informed their operators of the problem. But many other Web sites are likely to be infected, he said.

Federal Computer Week
"Federal Programmers Get Agile." April 26, 2004. This article compares CMM to Agile, noting their similarities and differences.

"Lower CMM Levels Still Worthwhile." March 29, 2004. Though most companies strive for higher levels on the Software Engineering Institute's Capability Maturity Model, lower ratings are still useful for gaining the trust of customers, particularly those in government. What's most important is that companies show their commitment to improvement.

"Strength in Numbers." March 29, 2004. Systems integrators worldwide are adopting the Software Engineering Institute's Capability Maturity Model Integration, a technology that is replacing the traditional Capability Maturity Model. With a broader set of measures than CMM, CMMI can be applied to entire enterprises.

"IRS: IT Plan Back on Track." January 13, 2004. The Software Engineering Institute recently provided the Internal Revenue Service with an independent report on the IRS's delayed, over-cost modernization effort. Thanks to this report and others, the IRS now has a plan for making its Business Systems Modernization Program a success. The IRS plans to retain the SEI as a regular reviewer of its Customer Account Data Engine, which stores all of the IRS's taxpayer information.

Government Computer News
"Air Force CTO Joining Carnegie Mellon." July 12, 2004. Major General Paul D. Nielsen will take over as CEO and director of the Software Engineering Institute on August 1.

IT Directors
"Measuring Process Quality." June 17, 2004. This article explains how the SEI helps IT departments to develop to their fullest potential by using the Capability Maturity Model. It describes the CMM's different levels and other SEI tools for quality assessment.

MacWorld
"IE Security Peril Alert." June 28, 2004. Windows system users have been told to steer clear of using the Internet Explorer browser until it's secure. Marty Lindner of the CERT Coordination Center explains the severity of this security flaw and says the effects will be far reaching.

New York Times
"Demand for Workers Surges in Policing Cybertechnology." February 15, 2004. With the increase and complexity of computer security threats like viruses, worms, and identity theft, computer security experts are in greater demand. The CERT Coordination Center has tracked the rise of computer security incidents, reporting that security problems increased six times from 2000 to 2003.

PBS Newshour with Jim Lehrer
"De-'Bugging' Computers." December 1, 2003. Viruses, worms, and social engineering attacks continue to plague home and business computer users. Experts from the CERT Coordination Center explain how these computer attacks work and how they are affecting computer security.

Wall Street Journal
"Make Software More Reliable." November 17, 2003. As software creeps into every area of modern life, the quality and reliability of software become more and more important. The SEI's Watts Humphrey says that programmers must use processes and procedures to write secure code.

Washington Post
"Report Faults Cyber-Security." July 23, 2004. A recent report on cybersecurity released by the Department of Homeland Security applauds US-CERT for its advancements and developments in cybersecurity.

Conferences (FY2004) | SEI Published Documents

Journal Articles | Book Chapters | Proceedings | Keynote Presentations | Tutorials

Press Releases | Media Coverage | Government Testimony

Technical Leadership Positions

Government Testimony

Palmquist, S.
“Opening Statement on IRS Customer Account Data Engine (CADE) Project,” House Committee on Ways and Means, Subcommittee on Oversight, Washington, DC, February 12, 2004

“Results of an Independent Technical Assessment of the Internal Revenue Service's Customer Account Data Engine,” House Committee on Ways and Means, Subcommittee on Oversight, Washington, DC, February 12, 2004