2007 CERT Research Report

In this 2007 report, the authors describe how CERT research advanced the field of information and systems security during the 2007 fiscal year.
Publisher: Software Engineering Institute

Abstract

This year CERT begins its 20th year of service and research. For the past 20 years we have provided support to the nation and the global community, to help create a collaborative international infrastructure dedicated to improving security across the interconnected world. The successes we have attained have been based on understanding security threats and vulnerabilities, creating practical solutions to security problems, and transitioning these solutions to government and industry.

We envision and are working toward a safer computing world. This will require more knowledgeable and better trained people building better systems that benefit from better systems management. Improved practices and technologies must be widely understood and routinely used to protect against, detect, and respond to attacks, failures, and accidents on networked systems.

Our research is focused on four principal objectives:

  • Embed software and system assurance techniques in all aspects of the system development life cycle.
  • Improve the effectiveness of the international intrusion analysis and response team community.
  • Develop an international workforce skilled in secure cyber operations.
  • Improve the survivability and resiliency of critical networked information systems.

Accomplishing these objectives requires our own best efforts, as well as cooperation and collaboration within the community we serve. We strive to understand emerging security challenges, and work to transition disciplined improvement approaches such as the Resiliency Engineering Framework, security assessment methods, and threat modeling and mitigation techniques. We continually look forward to anticipate risks and threats to future systems.