The SEI is home to the CERT Program, which was established in 1988 to address internet security problems and to find ways to reduce the number and impact of security breaches. The CERT Program focuses on protection, detection, and response to attacks on networked computer systems. We develop techniques, tools, training, and publications to help organizations achieve better software, better systems, better systems management, and a more skilled workforce.
The CERT Program works to influence vendors and help improve the basic, as-shipped security of their products. Our analysts evaluate the root causes of vulnerabilities and establish secure coding practices. By applying these practices, developers can improve the security and overall quality of new software.
Our research in survivable systems engineering seeks ways to build better systems. It includes assessing the susceptibility of systems to sophisticated attacks and finding ways to improve the design of systems. We are also developing techniques to assess and predict current and potential threats to the internet.
In our work on network situational awareness, we are developing tools and techniques that will improve the ability of network administrators to identify what is happening on their networks and analyze broad network activity. The goal of this work is to quantitatively characterize threats and targeted intruder activity.
The CERT Program has developed risk assessments that help organizations identify and characterize critical information assets and then identify risks to those assets. The organizations can use the results of the assessment to improve their strategies for securing their networked systems.
Our work on governance is part of our effort to encourage organizations to develop and maintain an appropriate level of security. The need for a broad focus on organizational security also inspired our work in security and resiliency engineering, an approach to security that integrates all of an organization's internal processes and best practices into a larger, overarching process that can be defined, measured, and evaluated.
To help organizations address insider threat, we identify precursors and indicators of insiders’ malicious acts, along with countermeasures that will improve the survivability and resiliency of the organization.
Coordinated Response to Security Issues
The scale of emerging networks and the diversity of user communities require a global approach to computer security issues. The CERT Program has supported the development of numerous computer security incident response teams (CSIRTs), providing guidance and training to both new and existing teams. The CERT Program played a significant role in the creation and continued evolution of CSIRTs around the world.
The CERT Program is also developing tools and training for computer forensics. Our goal is to help system and network administrators acquire the skills and resources they need to become effective first responders for security issues. By understanding and implementing forensic procedures, they will be able to collect, preserve, and examine evidential data. Our tools and techniques are equally effective for law enforcement personnel who are solving computer-related crimes.
Training and Education
We use a variety of approaches to increase the skills and knowledge of an international workforce. We offer training for executives, technical staff and managers of CSIRTs, system administrators, and other technical personnel interested in learning more about network security. Some of these classes are part of our incident handling certification program.